Cannot upload file

tequila

Source code in below:

<HEAD>
<TITLE>Figure 7-3</TITLE>
</HEAD>
<BODY>
<?
if(isset($UploadedFile))
{
unlink($UploadedFile);
print("Local File: $UploadedFile <BR>\n");
print("Name: $UploadedFile_name <BR>\n");
print("Size: $UploadedFile_size <BR>\n");
print("Type: $UploadedFile_type <BR>\n");
print("<HR>\n");
copy($UploadedFile, "/tmp/".$UploadedFile_name) or die("Cannot copy");
sleep(2);
}
?>

</BODY>

Result :
Local File: /tmp/phpGOKcfK
Name: SetupDevMachine.txt
Size: 5987
Type: text/plain

Cannot copy

Please help.

Anon

Hi,
I think the statement unlink($UploadedFile); deletes the file.
Shift this next to copy(.....)

Cheers
Ajay

[deleted]

Quite right,
the first thing you do after finding out that a file has been uploaded is
unlink($UploadedFile);
wich deletes the file that has just been uploaded.

dstockto

This is actually more serious of a problem than just deleting the file that was just uploaded. You need to check the file to see if it was an uploaded file as well.

Use is_uploaded_file(). The is an exploit where a user can specify a local file to you or the web server. If he/she was to specify critical system files or etc/passwd or something similar, and you immediately unlink the file, say goodbye to the system, and hello to several hours rebuilding the OS.

Just a thought.

[deleted]

Luckaly under unix this is not that easy.

If you didn't completely F-up your system, your webserver will run under it's own ID, which has no rights to delete any critical files at all.

Worst case, you could give the name of a system file (/etc/passwd for example)
and PHP could theoretically copy that data instead of the real uploaded file, possible making it's content public.

dstockto

Once again, you are correct Vincent. Thanks for keeping me honest.

[deleted]

Yes, yes, I am good, I know... :-)