Merge pull request #37 from ss23/patch-1

Added another major PHP security issue in their example code.
2 parents b11ba86 + 3c5bdd2 commit bb07661932a6df3669e064baf04fbe29d30b483e @paulirish paulirish committed Dec 29, 2011
Showing with 10 additions and 0 deletions.
  1. +10 −0 index.html
@@ -1330,6 +1330,16 @@ <h1 id="intervention"><b>W3Schools</b> An Intervention</h1>
attacks and should never have been posted. It contravenes every best practice.
</p>
</li>
+
+ <li id="php_file_upload">
+ <a href="#php_file_upload" class="wrap">#</a>
+ <a href="http://www.w3schools.com/php/php_file_upload.asp" rel="nofollow" class="w3s-link">www.w3schools.com/php/php_file_upload.asp</a>
+ <blockquote><pre><code>move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);</code></pre></blockquote>
+ <p>
+ Anyone could upload a file with a name like "../hacked.php", and PHP would happily write it.
+ It is not okay to do no validation on a file upload, this is a massive security risk
+ </p>
+ </li>
<li id="specs">
<a href="#specs" class="wrap">#</a>
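Review bot: The explanatory paragraph in the new `php_file_upload` entry ends in a comma splice with no terminal period ("It is not okay to do no validation on a file upload, this is a massive security risk"); split it into two sentences and close it with a full stop so it matches the other entries. While there, the paragraph names only the path-traversal problem; the quoted line also writes whatever the client sent, name and extension included, into a web-served `upload/` directory, so a plain `shell.php` with no `../` is just as dangerous. A single sentence pointing at the fix would make the entry actionable, along the lines of: generate the stored filename server-side, allow-list the extensions you expect, and keep the upload directory outside the document root.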
