possible file attack :S

Shai-Hulud

<?php
if (isset($GET['go']))
{
$uploaddir = '/torrents/';
$uploadfile = $uploaddir . $FILES['userfile']['name'];
print "<pre>";
if (move_uploaded_file($FILES['userfile']['tmp_name'], $uploadfile)) {
print "File is valid, and was successfully uploaded. ";
print "Here's some more debugging info:\n";
print_r($FILES);
} else {
print "Possible file upload attack! Here's some debugging info:\n";
print_r($_FILES);
}
print "</pre>";
}
else
{
echo '<form method="post" enctype="multipart/form-data" action="test.php?go=1">';
echo '<INPUT type="hidden" name="MAX_FILE_SIZE" value="1024">';
echo '<input type="file" name="userfile">';
echo '<input type="submit"></form>';
}
?>

the problem is simple, i pluked this script from the phpbuilder help, added it in the if loop, but it doesnt work, it says that there is a possible file attack 😮

anyone see what is wrong here?

piersk

What size of file are you uploading?

skibobdi

am I right in thinking the upload filesize limit is 1k?

if so, then like the guy above is thinking, that may be your problem.

piersk

Originally posted by skibobdi
am I right in thinking the upload filesize limit is 1k?

if so, then like the guy above is thinking, that may be your problem.

I had a dog and his name was BINGO!!

Shai-Hulud

I changed the maxfilsize to 262144 but I still get this output:

Possible file upload attack! Here's some debugging info:
Array
(
[userfile] => Array
(
[name] => Koi_Kaze_06_[a-s][1E81DB3C].avi.torrent
[type] =>
[tmp_name] =>
[error] => 2
[size] => 0
)

)

EDIT: the uploded file is 11kb

Shrike

Originally posted by piersk
I had a dog and his name was BINGO!!

Could he do tricks?

piersk

Indeed he could. Like the debugging of code.

Taught him that one myself 😃

Shrike

Bingo the Wonder Dog and his Magic Bone of Debugging
[FONT=courier]
,-~~-,
.-~; ;~-.
/ / \ \
{ .'{ o o '. }
~ { .--. } ~
;/ \;
/'. () .'\
/ ~~~~ \
; ;
{ }
{ } { }
{ } { }
/ \ / \
{ { { }{ } } }
~~~~~ ~~~~~

                               (`"======="`)  JJ*
                               (_.=======._)

[/FONT]

Shrike

Oh my god what did you do to Bingo! Dog murderer!

Can you tell it's Friday afternoon?

Shai-Hulud

?:?

I see no dogs in this code :S:?

piersk

Ok then... I've just fiddled with the code a bit and the following works for me:

<?php
	if (isset($_GET['go']))
	{
		$uploaddir = './upload/';
		$uploadfile = $uploaddir . $_FILES['userfile']['name'];
		print "<pre>";
		if  (move_uploaded_file($_FILES['userfile']['tmp_name'],$uploadfile)) 
		{
			print "File is valid, and was successfully uploaded. ";
			print "Here's some more debugging info:\n";
			print_r($_FILES);
		} 
		else 
		{
			print "Possible file upload attack! Here's some debugging info:\n";
			print_r($_FILES);
		}
		print "</pre>";
	}
	else
	{
		echo '<form method="post" enctype="multipart/form-data" action="upload.php?go=1">';
		echo '<INPUT type="hidden" name="MAX_FILE_SIZE" value="1024000">';
		echo '<input type="file" name="userfile">';
		echo '<input type="submit"></form>';
	}
?>

Please note that the destination directory has to be world writable (0777) and you will notice that I've set the max file size to be (approx) 1 MB

I've also attached the code above in a .txt file.

Shai-Hulud

it works 🙂. but why does the odl version not work, I do not understand :S

piersk

The main difference is because you had

/torrents/

which implies a root directory, whereas in mine it has

./torrents/

which implies a directory below the current one called torrents.

Its a difference between:

/torrents/

and

/path/to/web/root/torrents/

hope that makes sense 🙂

Shai-Hulud

So it means taht I should put a . before the path fo all paths in php?