Nice attempt but seems to fall short of what http://phpfiddle.org/ offers.
No VIM at the fiddle but it has SQL and more.
http://sandbox.onlinephpfunctions.com/
http://www.writephponline.com/
There are loads of them. Catch 'em all!
WARNING!!!
foreach (new DirectoryIterator('./') as $fileInfo) {
if($fileInfo->isDot()) continue;
echo $fileInfo->getFilename() . "<br>\n";
}Just told me what is in your doc root. This is unsafe phpio. I bet I could read your password and get to your webroot. Get rid of this right now!!!!
@diafol
Actually it is possible and it is also possible to overwrite files or inject code into the RAM... honeypot? :D
@diafol
Thank you, It's underconstruction.
But I think it is impossible to access to my webroot.
Hope you will tell me If you figure out something wrong.
@phpio
Hi,
test diafol's script and execute / you get the system root, you can traverse the filesystem, you can arrive to the passwd file from there. Also, it's possible to:
error_log() functionI suggest you to stop this box, and start from a new installation, set correct permissions otherwise the system can be compromised.
Hi cereal. I did get into his webroot and managed to read files (spl fileinfo anyone?). I sent a PM to say as much. This is the problem with roll your own executors. There.s always one class or module that you forget to protect against. It only takes one though.
Thank you guys for pointing out problem...
@diafol
Could you please let me know how to prevent from getting that information?
I think you.ve protected yourself with preventing access above docroot and stopped spl classes. I (almost) never use system or exec commands in my code so I couldn.t give you and exact list of things to block. However I can usually spot a problem if I see one. I don.t think it would be appropriate to discuss what you have and haven.t done on an open forum if your site is still live; and I don.t have the time to discuss via PM. Anybody else?
@phpio
Hi,
the source of __FILE__ (and the other files in the same path) can still be read with this line:
include "php://filter/convert.base64-encode/resource=index.php";This is a variant of the LFI (Local File Inclusion attack) that uses php://filter and will return a base64 string that, converted, shows the source code. When the filesystem was accessible then reading the contents of files, like /etc/passwd, was simply a matter of writing the correct path.
More info about php:// @ http://php.net/manual/en/wrappers.php.php
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.