hi,
i wrote a script to view the source code of php files now i don't want that the whole world knows my MySQL passes (and other) passes he so i discovered a bug i have this file called "dbinfo.php" if call the script like this
http://www.mydomain.com/source.php?file_name=dbinfo.php
people will see a message that this is forbidden BUT if i call it like this
http://www.mydomain.com/source.php?file_name=DbInfo.php
the whole sourcecode including my MySQL is visible !!!!!
this is the source of the script
<?php
$basedir = getenv("$DOCUMENT_ROOT");
$ip= getenv("REMOTE_ADDR");
$urlcore="http://www.mydomain.com
//set name of file that you dont want to show
$forbiddenfile="forbidden.php";
$temp=explode("/",getenv("SCRIPT_NAME"));
$thisscript=$temp[count($temp)-1];
echo "<body bgcolor=#FFFFFF>";
echo "<body text=#000000>";
//echo "<br><br><center><a href=$urlcore/source.php?file_name=$thisscript>show this source</a></center><br><br>";
$code=ereg_replace("(\.\.)+","",$code);
if(ereg($forbiddenfile,$code)) {
echo " hi there $ip the file that you want to show the source is not allowed";
exit;
}
$fileexist=0;
for($idx=0;$idx<count($basedir);$idx++) {
if(file_exists($basedir[$idx].$code)) {
$filename=$basedir[$idx].$code;
$fileexist=1;
}
}
if($fileexist) {
ob_start();
show_source($filename);
$text = ob_get_contents();
ob_end_clean();
$text=ereg_replace("([_a-zA-Z0-9-]+)+/([_a-zA-Z0-9-]+\.)+php","<a href=$urlcore/source.php?file_name=\\0>\\0</a>",$text);
echo $text;
}
else
echo "could not open file $code";
?>
php must be able to remove uppercase characters is it how ??????
regards
Erik
