Register Members List Search Today's Posts Mark Forums Read

Thread Tools
Old 26 May 2013, 17:50
squishi squishi is offline
Join Date: May 2006
Question Security issue?

This code is in newattachment.php:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

It deletes (=unlinks) a file that is coming from user input.
Wouldn't this allow an attacker to delete any file on the server or in the vb system?
All I would need to do is post the filepath in the attachment[tmp_name] variable to newattachment.php (and make sure that the condition is met).
Reply With Quote
Old 26 May 2013, 17:58
Simon Lloyd's Avatar
Simon Lloyd Simon Lloyd is offline
Join Date: Aug 2008
Real name: Simon
Have you tried it?
Kind regards,
Simon Microsoft Office Help
My Mods: Find my modifications here
Please do not pm me for support unless i have invited you to!
Reply With Quote

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

New To Site? Need Help?

All times are GMT. The time now is 08:59.

Layout Options | Width: Wide Color: