Fix path traversal exploit
Using path traversal and viewer.php you can get files like the config file.
[url]/viewer.php?type=png&file=../png/../png/../png/jAfQv
ssl committed Mar 1, 2017
1 parent 2ac3cd4 commit bd23c78
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion public/viewer.php
@@ -21,7 +21,7 @@

$filelocation = __DIR__ . "/images/$type/$file.$type";

if ( ! file_exists($filelocation)) {
if ( ! file_exists(realpath($filelocation)) || ! array_key_exists($type, $types) ) {
header('HTTP/1.0 404 Not Found');
include_once __DIR__ . '/protected/templates/error.phtml';
die();
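Review bot: the new `realpath($filelocation)` on line 17 canonicalises the `..` segments but its result is never compared with the directory the script intends to serve from, so an existing file with an allowed `$type` extension anywhere else on disk would still pass `file_exists()`; after resolving, require that the resolved path starts with `realpath(__DIR__ . "/images/$type") . DIRECTORY_SEPARATOR` before including or reading it. Also put `! array_key_exists($type, $types)` first in the condition so an unvalidated `$type` never reaches the filesystem call, and note that `$types` is not visible in this hunk, so it must be defined earlier in the file. `realpath()` returning `false` for a missing file is handled correctly here, since `file_exists(false)` is false and the 404 branch still fires.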