i made a slight mistake on my PHP code this afternoon and some weird thing happened. just to make sure that this was not some random error, i repeated this several times using both my root and regular users to run the program. the same thing came out.
here are the few lines that caused this:
$source=$_FILES[‘$fsource’][‘$name’]; // this is the line where i made the mistake.
move_uploaded_file($_FILES[‘fsource’][‘tmp_name’],$source);
extractExports($source);
simple breakdown on the code:
- $source is just a pointer to the file w/c gets uploaded. this file is a tar-bzipped archive.
- the function extractExports($source) is my wrapper to a PEAR class. File_Archive to be exact.
- the process then extracts the archive into a folder.
the error:
- $_FILES[‘$fsource’][‘$name’] is obviously wrong.
- [‘$fsource’] and [‘$name’] should’ve been [‘source’] and [‘name’] instead.
what came out:
etc/
… skel/
… udev/
… rules.d/
…… (*.rules) <– a lot of udev rules for devices
… udev.conf
… fstab
… group
… mtab
… passwd
maybe i should report this ASAP to php.net. has anyone ever encountered anything like this? this might be an exploit or something.
Similar Posts:
- > .xlsx Files Do Not Open On Ubuntu 11.10? October 19, 2011
- > “PROGRAM_NAME” Is Not Recognized As An Internal Or External Command, Operable Program Or Batch File December 20, 2013
- > Hide Your Disks Or Partitions From Nautilus June 25, 2011
- > Fix ./gradlew Permission Denied On OpenShift Deploy August 15, 2020
- > Printer Driver For Fuji-Xerox DocuCentre-II C3300 March 11, 2013