The following code is in a PHP template:

 // Loads system/langs/<lang>.txt, evaluates its contents as PHP, and returns one string.
 function langs($a) {
     $type_lang = $_GET['lang'];
     eval(file_get_contents("system/langs/$type_lang.txt"));
     return $worlds[$a];
 }

Could it be dangerous in any way?

  • It would be nice to check that such a file exists, and that $type_lang consists only of letters and numbers. - ReinRaus
  • @ReinRaus, thanks! I have already written the conditions :) - ModaL
  • And why eval in this situation, why not use include? - Chad

2 answers

It can. If an attacker knows how it is set up and can somehow upload a text file to the server, even to a different folder, then calling shablon.php?lang=../../uploads/evil.txt executes their code.

  • But in this case I set a condition saying that if lang != rus or eng, then the script stops ... - ModaL
  • I answered the original question. If you allow only one of the hard-coded options, it is probably not so scary. Still, using eval() to load language strings is not the best solution. - Sergiks

Are you sure that your system does not have, and never will have, any holes that allow writing something into this very $type_lang.txt?

If this happens, your script will immediately turn into a shell.

Conclusion: eval is safe only with static code inside

  • And what holes could there be, for example? I don't seem to give anyone the opportunity to write anything there; I do that myself, manually .. - ModaL
  • "like". I have an iron rule: treat your code as if it would be used by your worst enemy. - Snow
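Both answers make the same point: whatever ends up in the file named by ?lang= is executed as PHP, whether it gets there by path traversal (first answer) or by some other write primitive (second answer). The script below is an added example, not code from the thread or from ModaL's template. It keeps the posted langs() (spacing fixed) next to a hardened loader, langsSafe(), that I wrote for this example, and runs both against a constructed temporary directory. The function name langsSafe, the temp-dir layout, the file contents, and the simulated $_GET are all this example's assumptions; langs(), $worlds, system/langs/ and the lang parameter are the thread's. Run it with `php demo.php`.

```php
<?php
// Added example (not from the original thread). Vulnerable loader as posted
// next to a hardened one, exercised against a constructed temp directory.

// --- Vulnerable loader, as posted in the question (only spacing fixed) ---
function langs($a) {
    $type_lang = $_GET['lang'];
    eval(file_get_contents("system/langs/$type_lang.txt"));
    return $worlds[$a];
}

// --- Hardened loader (this example's own design, assumption) ---
// 1. Allowlist of language codes: "../../uploads/evil" can never match.
// 2. Each language file is plain PHP that `return`s an array and is loaded
//    with include, so no eval() of a string is needed at all.
// 3. realpath() check as belt and braces: the resolved file must sit under $dir.
function langsSafe(string $a, string $lang, string $dir): ?string {
    static $cache = [];
    $allowed = ['rus', 'eng'];
    if (!in_array($lang, $allowed, true)) {
        $lang = 'eng'; // fall back to a default instead of trusting the request
    }
    if (!isset($cache[$lang])) {
        $file = realpath("$dir/$lang.php");
        $base = realpath($dir);
        $inside = $file !== false && $base !== false
            && strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0;
        if (!$inside) {
            return null;
        }
        $words = include $file;           // file returns an array
        $cache[$lang] = is_array($words) ? $words : [];
    }
    return $cache[$lang][$a] ?? null;
}

// --- Constructed fixture: a fake web root with a legitimate language file
//     and an "uploaded" text file in another folder (assumption) ---
$root = sys_get_temp_dir() . '/langs_demo_' . getmypid();
mkdir("$root/system/langs", 0700, true);
mkdir("$root/uploads", 0700, true);
// Legitimate data for the vulnerable loader (eval()'d, so no <?php tag)
file_put_contents("$root/system/langs/eng.txt", '$worlds = ["hello" => "Hello"];');
// Legitimate data for the hardened loader (include'd, returns an array)
file_put_contents("$root/system/langs/eng.php", '<?php return ["hello" => "Hello"];');
file_put_contents("$root/system/langs/rus.php", '<?php return ["hello" => "Привет"];');
// "Uploaded" file outside the language directory; its contents are attacker code
file_put_contents("$root/uploads/evil.txt", '$worlds = ["hello" => "attacker code ran: " . PHP_OS];');

chdir($root);

// 1. Normal request: both loaders return the translation.
$_GET['lang'] = 'eng';
echo "vulnerable, lang=eng:  ", langs('hello'), PHP_EOL;
echo "hardened,   lang=eng:  ", langsSafe('hello', $_GET['lang'], "$root/system/langs"), PHP_EOL;

// 2. Traversal request from the first answer: "system/langs/" . "../../uploads/evil" . ".txt"
//    resolves to uploads/evil.txt, whose contents are eval()'d.
$_GET['lang'] = '../../uploads/evil';
echo "vulnerable, traversal: ", langs('hello'), PHP_EOL;   // attacker code ran: ...
echo "hardened,   traversal: ", langsSafe('hello', $_GET['lang'], "$root/system/langs"), PHP_EOL; // Hello (fell back)

// Clean up the fixture.
foreach (["$root/uploads/evil.txt", "$root/system/langs/eng.txt",
          "$root/system/langs/eng.php", "$root/system/langs/rus.php"] as $f) {
    unlink($f);
}
rmdir("$root/uploads"); rmdir("$root/system/langs"); rmdir("$root/system"); rmdir($root);
```

The allowlist alone already closes the traversal ModaL describes, but the second answer's point is that the stronger fix is to stop executing data at all: a language file that returns an array and is loaded with include is still PHP, yet it only runs from a fixed, developer-controlled location and nothing in the request chooses which bytes get executed.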