I am learning "penetration testing of web server / websites". I am testing a web server security with the following steps:
Test 1:
Through inspect element tools I added new form element
Test 2:
I filled the form elements which were already exists and browse php file through my injected input file tag, when i submit the form,
it submitted and also uploaded the file (sure the uploaded file would
be pitched in temp folder of that website temp folder)
Test 3:
Now I am hanged here, because I don't know how to access that php file i uploaded with Step 2?
Any idea would be appreciated.
Thanks for your cooperation.
For the uploaded file to be run directly from the browser would imply that the temporary folder is inside the web root which is a major security flaw that you will not find frequently.
Hopefully very few people are stupid enough to change that default configuration option to put temporary files in the web root.
Related
I am currently having problems with testing a known working file upload script while migrating a site to a new server.
I have migrated the entire site to the new server and everything works as it should apart from the original file upload script. I have not pointed the domain names to the new server as yet, accessing it through changing my hosts file on my local machine.
Before writing a simple upload test script, could there be any reason I am missing that is preventing my file uploads from working - for example, security issues?
Is it likely that the file upload directory location is pointing to the original server?
Please, put all the files in the content folder directly to the public directory of the live server.
E.g: Select all in the content folder and paste it directly on the public folder.
I'm reading about security stuff for PHP and my biggest concern now is the users file upload form. I've read a lot that some users may upload files that seems to be something else by changing the extension or even manipulating the header and the mimetype. I understand this.
But my question is how will this be an issue if I rename any uploaded file and move it to a directory that they do not know.
Please let me know if this will be enough or not, and if not, just give me some headline of what extra security checks should I perform
Thanks a lot
It really depends on what your online application is looking to achieve. If you wish to limit access directly to files which are uploaded, then you should set the folder permissions for the parent folder of the uploaded area to block user access. Then in your database you can record to path and only host the files through the http response. This will ensure that no files are accessed which could be potentially harmful, and also that users can still upload what they feel. As an extra step, you could add an erroneous file extension to each file while it is hosted and then remove it when it is served.
You might run an antivirus scan daemon in the background like avscand, configured. for scanning and moving infected files to a quarantaine directory. This ought to prevent delivering infected files later back to the people. Configure automatic virus database updating. A bit back that I did do such things, so investigate.
A simple renaming of the file name to one with safe characters should be sufficient; per user separated of course.
To have a more secure site the following needs to happen:
Due to the nature of security, this list will need be updated every so often.
Set the upload_max_filesize to something sensible
Install an Antivirus on the server
Set the upload_tmp_dir to something sensible, that the user may not access. See Setting PHP tmp dir - PHP upload not working
Have your form you upload files (which you already have done)
Your form handler should:
Run a file command to get the type of the data without executing it
Reject random files
The PHP interpreter will validate the file size
Run the virus scanner on the file
Do a file rename to ensure the filename is clean (if you need to reference things, it is convenient to rename the file to the primary key of your attachments table)
Move the file to a location that isn't accessible by the client (but move it, so if a later upload comes in with the same name nothing happens)
When you move the files, ensure they don't have execute permissions
I am facing some typical problem from one of my project.
A section in my project need a file up loader. The requirement is when an user clicks on the browse button, it will not only opens up the local directory, the already uploaded file directory need to accessed as well.
In simple file uploader only the local directory can be accessed, I cannot able to fine any way out.
If any one can help me in this issue, it will be great for me.
Thanks in advance.
Is impossible to use to use the "file open dialog" / file uploader to browse files from server.
You can create a dialog inside your browser with (html,css,php).
Is difficult to give an example, because I do not know your requirements.
However you have to use two buttons, it will be easier:
upload from your computer
upload from the server
On click "upload from the server" , opens a window IN BROWSER (HTML+CSS) , that lists your folders and files on the server.
To implement this , read here:
http://php.net/manual/en/function.scandir.php
http://php.net/manual/en/function.readdir.php
I'm not sure if this is the best place to ask this question. However, I accept the possiblity of the question being moved/deleted.
I current have a website that does some file processing if a directory name is provided (local file system). I take the input in an HTML form. I'm looking to incorporate a script that allows the user to upload files / see the directory structure within the website directory. (Instead of them having to remember the name of the folder). However, most importantly, I'm looking for the two following features:
-Ability to be able to click and unzip a .zip or .rar file that they upload (Very important).
-Ability to perhaps incorporate the project as a sidebar using frames (Not that important, I could modify the scripts index page, if I have to).
A really good script, I found online was http://www.filelistpro.com/features.html, however, the problem is that it doesn't handle the option for unzipping a file.
Ajaxplorer - Demo - login using demo/demo
More information - http://www.ajaxplorer.info
I have read the following tutorial "Uploading Files To the Server Using PHP"
and have several questions related to the topics.
Q1> The tutorial mentions that
"Note that PHP must have write access
to $uploadDir or else the upload will
fail"
For me, I only allow the user to upload the file after the user has login to the website.
If we set that $uploadDir permission as 777, then everyone can have written permission to that folder. How to avoid this problems?
Also I am using WAMP as my testing bed, can I simulate the same case as a real web server?
Q2> In order to prevent Preventing direct access, the tutorial mentions:
"A better approach is to move the
upload directory away from your web
root. For example, the web root for
this site is:
/home/arman198/public_html/ to prevent
direct listing i can set the upload
directory to /home/arman198/upload/."
Now my problem is that how can I display the uploaded images on other website pages. Since, the upload is not accessible directly anymore? I need to display the uploaded image save personal headshot dynamically on other website page. Is it possible?
Thank you
It's a common problem.
All modern computers have a temporary files directory. On Linux/Unix it's /tmp, on Windows it's usually c:\temp. The OS install will have set permissions on that directory so that anyone can write files there but only privileged users can delete files that don't belong to them. This is where PHP will want to put an uploaded file; your application then has to move it elsewhere (this is the purpose of the move_uploaded_file() function). PHP under Windows may need upload_tmp_dir actually set in the php.ini file.
Once you have an uploaded file, you can shift it whereever you like, including to where the webserver can read it to serve it. The biggest problem with that it is awfully easy to put this directory inside your codebase. Don't do that. As soon as you do anything beyond editing the files inside the directory they are served from, it will be problematic. Trust me: I've dealt with a few times this in code I've inherited. It's easy to let your webserver load files from a location outside your codebase.
The other alternative is to produce a download script. That way the file need not be servable by the webserver at all. One disadvantage is that you don't get to leverage the web server's MIME translation, but then, that lets you control which types of image files are permitted.
For the second question, you can use a PHP script intead of direct access to the directory. Lets name it image.php. Lets assume that it can take a parameter id, like image.php?id=image_id. In that file you can get the id using superglobal array $_GET. Then you can search for images with that Id and just send it as response.
First one I'm not sure, but maybe play with .htaccess file.
And for the first question, try setting your permissions to 775. That should allow PHP to write the file to the directory without giving the general public write access.