Skip to content

Directory_traversal1.php.md

Latest commit

 

History

History
18 lines (13 loc) · 494 Bytes

Directory_traversal1.php.md

File metadata and controls

18 lines (13 loc) · 494 Bytes

Question

What is the problem here?

<?php
   $template = 'blue.php';
   if ( is_set( $_COOKIE['TEMPLATE'] ) )
      $template = $_COOKIE['TEMPLATE'];
   include ( "/home/users/phpguru/templates/" . $template );
?>

-----SPLIT-----

Answer

It is a Directory Traversal issue. The user can include files without restrictions. For example: 'Cookie: TEMPLATE=../../../../../../../../../etc/passwd' may return the file content. https://owasp.org/www-community/attacks/Path_Traversal