#1
26 May 2013, 17:50
squishi
 
Join Date: May 2006
Security issue?

This code is in newattachment.php:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

It deletes (=unlinks) a file that is coming from user input.
Wouldn't this allow an attacker to delete any file on the server or in the vb system?
All I would need to do is post the filepath in the attachment[tmp_name] variable to newattachment.php (and make sure that the condition is met).
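The concern raised in post #1, seen from the defensive side, as an added example that is not part of the thread and not vBulletin's code: a delete helper that refuses any path PHP did not itself create for an upload in the current request. The function name `remove_temp_upload` is hypothetical; the field name `attachment` is taken from the post.

```php
<?php
// Added example: hypothetical helper, not vBulletin's code.

function remove_temp_upload(string $path): bool
{
    // 1. Only files PHP received as an HTTP POST upload in this request qualify.
    //    A path typed into an ordinary form field fails this check.
    if (!is_uploaded_file($path)) {
        return false;
    }

    // 2. Defence in depth: resolve symlinks and "../", then require the result
    //    to sit inside the upload temp directory.
    $tmpDir = realpath(ini_get('upload_tmp_dir') ?: sys_get_temp_dir());
    $real   = realpath($path);
    if ($tmpDir === false || $real === false) {
        return false;
    }
    $prefix = rtrim($tmpDir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return false;
    }

    return is_file($real) && unlink($real);
}

// In a request handler, read the path from $_FILES only, never from
// $_POST/$_GET/$_REQUEST:
//   $tmp = $_FILES['attachment']['tmp_name'] ?? '';
//   remove_temp_upload($tmp);

// Constructed demonstration (run from the CLI): a file that exists on disk but
// was not uploaded in this request is refused and left in place.
$notUploaded = tempnam(sys_get_temp_dir(), 'demo');
var_dump(remove_temp_upload($notUploaded));
var_dump(file_exists($notUploaded));
unlink($notUploaded); // clean up the constructed sample file
```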
#2
26 May 2013, 17:58
Simon Lloyd
 
Join Date: Aug 2008
Real name: Simon
Have you tried it?
__________________
Kind regards,
Simon Microsoft Office Help
My Mods: Find my modifications here
Please do not PM me for support unless I have invited you to!