This seems quite an awkward way of doing something simple...
Wouldn't this method be much easier? pastebin.com/3xKQvYLz
homemadejam2006 8 months ago
@homemadejam2006 file_exists is vulnerable to null byte attacks. If someone had enough time they could get the include line to include a log file and execute random PHP code.
betterphp 8 months ago
@betterphp After looking into the Null Byte Attack a little (as I'd never heard of that one until you mentioned it), I've done a bit of testing, and I can't see that my code provided is vulnerable to this attack.
Anything added to the URL is added to a variable which is made up from "p/FILENAME.php", and then that is checked. So even if someone were to add some code, it would end up searching to see if the file "p/../../mypasswordfile.txt\0.php" exists. Which it doesn't, right? Or am I confused?
homemadejam2006 7 months ago
@homemadejam2006 \0 marks the end of the string in C (the language that the PHP compiler is written in), so by adding a \0 at the end of $_GET['page'] the user can *chop off* the .php. This then allows them to include any file. If you want to talk about it more, can you post on the forum, as YouTube comments are impossible.
betterphp 7 months ago
Just following this tutorial and 2 things seem to be wrong, whether it's just me: where you have put $pages = substr("{$core_path}/page"); this doesn't seem to work in my setup. Also I just get a 404 error when clicking on the folder with these files in, even though index.php is there. Is there anything in my php.ini that could be preventing this?
fatmouth100 1 year ago
@fatmouth100 I doubt I used substr() like that, perhaps look more closely at that code.
betterphp 1 year ago
@betterphp
Tired, it's been a long day. It was meant to be scandir.
fatmouth100 1 year ago
@betterphp
Tired, it's been a long day. I should have copied and pasted "$pages = scandir("{$core_path}/pages");"
fatmouth100 1 year ago
@fatmouth100 Okay, well if you are getting a 404 error it means you have the URL wrong :? Have you got to the part with the htaccess file yet? If not, try deleting any htaccess files in the folders above the current one.
betterphp 1 year ago
@betterphp This is the code I have, and as far as I can see it's exactly the same as yours from the video:
    if (empty($_GET['page']));{
        header('Location: home');
        die();
    }
    $core_path = dirname(__FILE__);
    $pages = scandir("{$core_path}/pages");
    unset($pages[0], $pages[1]);
    foreach($pages as &$page){
        $page = substr($page, 0, strpos($page, '.'));
    }
    if (in_array($_GET['page'], $pages)){
        $include_file = "{$core_path}/pages/".$_GET['page'].".page.inc.php";
fatmouth100 1 year ago
    }else{
        $include_file = "{$core_path}/pages/home.page.inc.php";
    }
says problem loading page
and the error msg says
The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
This problem can sometimes be caused by disabling or refusing to accept cookies.
fatmouth100 1 year ago
@fatmouth100 Well, you have a redirect loop, so are you sure that your $_GET variable has the right name? Both in the htaccess file and the PHP script.
betterphp 1 year ago
@betterphp
Ignore it, I had put in an extra semicolon and didn't notice it.
fatmouth100 1 year ago
I like my method better :P - my template page just has a variable in the dynamic main part. Then in every page I just set that variable, then include the template.
Although your auto-updating menu is convenient O.o
RawRzCopteR 1 year ago
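The exchange above is about whether a file_exists() check on the concatenated path protects include from a NUL-terminated page name, and betterphp's snippet shows the alternative: build a list of real page names with scandir and only accept a request that is in that list. The code below is an added example, not code from the video or from anyone in the thread, of that allowlist design written so that the user-supplied value never reaches a filesystem call before it has been validated. The pages/ directory and the NAME.page.inc.php naming are assumptions taken from the snippet in the thread; the function names are the example's own.

```php
<?php
// Added example, not code from the video or from anyone in the thread.
// Assumed layout (taken from the snippet in the thread): pages/NAME.page.inc.php
declare(strict_types=1);

const PAGES_DIR = __DIR__ . '/pages';

// Build the allowlist from what actually exists on disk. Only entries that follow
// the NAME.page.inc.php convention are accepted, so "." and ".." (which the thread's
// snippet removes with unset) and any stray files never count as pages.
function allowed_pages(string $dir): array
{
    $names = [];
    $entries = scandir($dir);
    if ($entries === false) {
        return $names;   // unreadable directory: empty allowlist, nothing is includable
    }
    foreach ($entries as $entry) {
        if (preg_match('/^([A-Za-z0-9_-]+)\.page\.inc\.php\z/', $entry, $m)) {
            $names[] = $m[1];
        }
    }
    return $names;
}

// Is the raw request value an acceptable page name? Anything that is not a plain
// token is rejected up front: slashes, dots, NUL and other control bytes. The
// character class excludes them and \z anchors at the true end of the string
// (unlike $, which would also match before a trailing newline), so "home\0" and
// "../../x" both fail here and never reach a filesystem call at all.
function is_valid_page_name(string $name): bool
{
    return preg_match('/^[A-Za-z0-9_-]{1,64}\z/', $name) === 1;
}

// Resolve the requested name to a file path by strict allowlist membership
// (in_array with the third argument true, so loose comparisons cannot make an
// unexpected string match), or fall back to the home page, mirroring the else
// branch in the thread's snippet rather than redirecting (no redirect loop).
function resolve_page(?string $requested, array $allowed, string $dir): string
{
    if ($requested !== null
        && is_valid_page_name($requested)
        && in_array($requested, $allowed, true)) {
        return $dir . '/' . $requested . '.page.inc.php';
    }
    return $dir . '/home.page.inc.php';
}

// Usage: the only request-derived value that reaches require is a name that was
// both syntactically clean and present in the directory listing. $_GET['page']
// may also arrive as an array (page[]=x), which is treated as "no page".
$allowed  = allowed_pages(PAGES_DIR);
$page     = $_GET['page'] ?? null;
$template = resolve_page(is_string($page) ? $page : null, $allowed, PAGES_DIR);
require $template;
```

The point of the design is where the check happens. A file_exists() probe checks a path that already has the user's string embedded in it, so any quirk in how that path is parsed during the check (the NUL truncation betterphp describes, or ../ segments) is inherited by the include that follows. Comparing the bare name against a directory listing decouples the two: the string is judged as a name, and the path is only assembled from a value that passed. PHP itself has rejected NUL bytes in filesystem paths since 5.3.4, but this approach does not rely on that, and it also closes the traversal case that a NUL check alone would leave open.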