@justanoob wrote:
So a user of mine brought up an interesting security vuln that stems from ExeOutput I believe. ExeOutput has a dir called “Data” in which it places the index file. I wasn't aware of this, but if the user puts their OWN file in the Data dir with the same name as the original index file, it will use their file rather than the one in the compiled EXE. The result is that they can then do something like this:
```php
<?php
// Open a file in the application's Data directory and print its raw contents
$myfile = fopen("C:\TEST6\Data\util.php", "r") or die("Unable to open file!");
echo fread($myfile, filesize("C:\TEST6\Data\util.php"));
fclose($myfile);
exit;
?>
```

Being able to run code is the problem. From here, they could print the contents of every file, whether they should be able to see it or not. And since the PHP files are not encrypted at this point, no amount of encrypting would do any good.
I have to assume that this is a well-known vuln considering its simplicity and that there is a workaround for this maybe? How can I protect against something like this, or is it simply not possible?