#78
7th February 2006, 05:56
webstergd
Member
 
Join Date: Dec 2005
Location: Washington, DC
Posts: 53

Another possible way to "secure" your statement

$value will return a URL; for example purposes we will say /var/www/web[id]/cms

You could take the variable from $value and match the string exactly against a preset string. If the data isn't exact, kill the function.

Code:
// Compare $value byte-for-byte against each allowed path
// (=== avoids PHP's loose == comparison; paths are quoted strings)
if ($value === "/var/www/web[id]/cms") {
    exec("rm -rf /var/www/web[id]/cms");
} elseif ($value === "/var/www/web[id]/joomla") {
    exec("rm -rf /var/www/web[id]/joomla");
} else {
    // no exact match: stop here, run nothing
    die();
}
In our example the first if statement will return true and
Code:
"rm -rf /var/www/web[id]/cms"
will execute.

If
Code:
$value = "/var/www/web[id]/cms/[insert something bad here]";
the command will not execute and you are safe.

This method will be slower and less efficient than checking the given variables. However, you will not be able to execute a command you might not want to execute, such as:

"rm -rf /var/www/web[id]/cms/../../../../../../../../../../../"
which is equal to "rm -rf /"

This solution is also not flexible, but we could change that around later by adding to how it checks, such as searching through a static array of possible values. We could build the static array from a read-only config file.
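As an added example (not part of webstergd's post or of any project's code), here is the same exact-match idea written as a POSIX shell script, including the extension the post suggests: the allowed paths live in a read-only config file, one absolute path per line, and grep -Fxq does the byte-for-byte whole-line comparison, so a traversal suffix such as /../../.. can never match an allowed entry. The allowlist file name ($ALLOWLIST), the sandbox directory and the web1 paths are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post: exact-match allowlist before "rm -rf".
# Assumed: the allowlist file ($ALLOWLIST, default /etc/remove-allowlist.conf) holds
# one absolute path per line and is root-owned and read-only.

# Return 0 only if $1 is identical to one whole line of the allowlist.
# grep -F treats the value as a fixed string (no regex metacharacters),
# -x requires a full-line match, -q suppresses output. Because the comparison
# is on the raw string, "/var/www/web1/cms/../.." never matches "/var/www/web1/cms".
is_allowed() {
    list="${ALLOWLIST:-/etc/remove-allowlist.conf}"
    [ -n "$1" ] || return 1          # an empty value is never allowed
    [ -r "$list" ] || return 1       # missing allowlist: refuse everything
    grep -Fxq -- "$1" "$list"
}

# Remove $1 only when it passed the exact-match check; anything else is refused.
safe_remove() {
    if is_allowed "$1"; then
        rm -rf -- "$1"
    else
        echo "refusing to remove: $1" >&2
        return 1
    fi
}

# Demonstration on a constructed sandbox standing in for /var/www/web[id].
sandbox=$(mktemp -d)
mkdir -p "$sandbox/web1/cms" "$sandbox/web1/joomla"
printf '%s\n' "$sandbox/web1/cms" "$sandbox/web1/joomla" > "$sandbox/allow.conf"
ALLOWLIST="$sandbox/allow.conf"

safe_remove "$sandbox/web1/cms" && echo "removed cms"
safe_remove "$sandbox/web1/cms/../../.." || echo "traversal attempt rejected"
[ -d "$sandbox/web1/joomla" ] && echo "joomla untouched"
rm -rf -- "$sandbox"
```

The allowlist is read at call time, so the same two functions can be reused from a larger script; the point of the design is that nothing derived from $value ever reaches rm unless it is exactly one of the preset strings.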