堆栈内存溢出
  简体   繁体   English

平面文件CMS(PAAS)的安全性

[英]Security for Flat File CMS (PAAS)

 原文  2015-06-09 15:19:38       php

问题描述

I am building a flat file cms that uses php files. 我正在建立一个使用php文件的平面文件cms。 Users will be able to rename files using an input field and the old and new file paths will be sent via ajax to the server where I test for security. 用户将能够使用输入字段来重命名文件,并且新旧文件路径将通过ajax发送到我在其中测试安全性的服务器。 I realize this could be done easier with regex or even OR operators. 我意识到使用regex甚至OR运算符可以更轻松地完成此操作。 I took the OR operators out so that the strings would not be too long for this post. 我删除了OR运算符,以使该帖子的字符串不会太长。 And as for regex, I'd like more control over the errors I send back to the client. 至于正则表达式,我希望对发回客户端的错误有更多的控制。

The CMS itself is much like a PAAS that resides in directory above all of the individual site folders that each user will have. CMS本身非常类似于PAAS,它位于每个用户将拥有的所有单个站点文件夹之上的目录中。 My goal is to keep users from injecting code that might interfere with other (adjacent) user folders or the cms itself in the parent directory above. 我的目标是阻止用户注入可能干扰其他(相邻)用户文件夹或上方父目录中的cms本身的代码。

I have not parsed the path's yet for validity. 我还没有解析路径的有效性。 I am just trying to get an idea of how a malicious user might be able to take advantage of what I have written so far. 我只是想了解一个恶意用户如何能够利用我到目前为止所写的内容。 

<?php
 $old_path = $_POST['file'].'.php'; // path/to/file.php
 $new_path = $_POST['new_file'].'.php'; // path/to/newfile.php';
  if(strstr($new_path,"<?")){
    echo "Sorry, path cannot contain script tags";
  }elseif(strstr($new_path,"?>")){
    echo "Sorry, path cannot contain script tags";
  }elseif (strstr($new_path,">")){
    echo "Sorry, path cannot contain script tags";
  }elseif (strstr($new_path,"<")){
    echo "Sorry, path cannot contain script tags";    
  }elseif($new_path[0]==="." OR $new_path[0]==='/' OR $new_path[0]==='\\'){
    echo 'Sorry first character of path cannot be a period or slash';
  }else{

    //this is set when the user logs in based on details in a database
    $users_dedicated_directory = $_SESSION['userfolder'].'/';

    // add the users folder when renaming just for more control
    $old_path = $users_dedicated_directory.$old_path;

    // add the users folder when renaming just for more control
    $new_path = $users_dedicated_directory.$old_path;

    rename($old_path,$new_path);

    //trim the users folder name. Send it back to the client  
    echo explode($users_dedicated_directory,$new_path);    
   }   
?>

1 个解决方案

解决方案1
 0  2015-06-09 15:50:44

if new_path is something like a/../../path/to/one/of/you/cms/core/file.php if think a malicious user could overwrite some files of your CMS. 如果new_path类似于a/../../path/to/one/of/you/cms/core/file.php如果认为恶意用户可能会覆盖CMS的某些文件。

You'll have to remove write permissions for the web server to nay of your CMS files to prevent that. 您必须删除Web服务器的写许可权,才能删除CMS文件,以防止这种情况。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 有关标准的自定义平面文件“ CMS”问题 - Custom flat-file “CMS” questions on standards 映射平面文本文件 - Mapping a flat text file 排序平面文件数组 - Sort flat file array 解析平面文件 - Parse flat file SSIS平面文件到FTP - SSIS Flat File to FTP 流行的 PHP CMS 的历史安全漏洞? - Historical security flaws of popular PHP CMS's? 使用安全事实在PHP中开源CMS! - Open Source CMS in PHP with Security facts! CMS上传图片文件的安全性问题 - CMS upload picture files security issue php Cms需要考虑哪些安全方面的考虑? - What security considerations need to be made for a php Cms? PHP CMS在一个文件中 - PHP CMS in one file
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM