
Added another major PHP security issue in their example code. #37

Merged
merged 1 commit into from

2 participants

@ss23

I'm on Freenode under Snowman23 or ss23 to discuss if needed

@paulirish
Owner

sweet! thx. :)

@paulirish paulirish merged commit bb07661 into from
Showing with 10 additions and 0 deletions.
  1. +10 −0 index.html
10 index.html
@@ -1330,6 +1330,16 @@ <h1 id="intervention"><b>W3Schools</b> An Intervention</h1>
attacks and should never have been posted. It contravenes every best practice.
</p>
</li>
+
+ <li id="php_file_upload">
+ <a href="#php_file_upload" class="wrap">#</a>
+ <a href="http://www.w3schools.com/php/php_file_upload.asp" rel="nofollow" class="w3s-link">www.w3schools.com/php/php_file_upload.asp</a>
+ <blockquote><pre><code>move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);</code></pre></blockquote>
+ <p>
+ Anyone could upload a file with a name like "../hacked.php", and PHP would happily write it.
+ It is not okay to do no validation on a file upload, this is a massive security risk
+ </p>
+ </li>
<li id="specs">
<a href="#specs" class="wrap">#</a>
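Review bot: The explanatory `<p>` in this hunk leads with a directory-traversal example (`"../hacked.php"`), but that depends on the client-supplied name reaching `move_uploaded_file()` with its path separators intact, which the quoted snippet does not establish; the point the snippet does show directly is that the original filename and extension are used unchanged, so an upload named `anything.php` lands in the web-served `upload/` directory and is executable as PHP. Suggest leading with that (and that a real check whitelists extensions and generates the stored name server-side) and keeping traversal as a secondary concern. Also, the second sentence is a comma splice without a terminating period: "It is not okay to do no validation on a file upload, this is a massive security risk" would read better as "Doing no validation on a file upload is not acceptable; this is a massive security risk."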