Directory traversal attacks

4/26/2022 2:49 pmRay BorduinWebAssist

The issue is on the eldesk-tech-support.php page.

You are getting the name of the file to download from a hidden form element. That allows a would-be hacker to change the value of the hidden form element to download whatever file they want from your site.

Instead you should remove the hidden form element and get the file name from the recordset directly. So instead of this on line 17:

WA_DFP_DownloadFile("WA_DownloadResult1", "downloads/helpdesk/", "".((isset($_POST["hidden"]))?$_POST["hidden"]:"")  ."", "".((isset($_POST["hiddenname"]))?$_POST["hiddenname"]:"")  ."", false, false, false, "", "", "", "");
}

Instead use:

WA_DFP_DownloadFile("WA_DownloadResult1", "downloads/helpdesk/", "".($rsHelpdesk->getColumnVal('File',false))  ."", "".($rsHelpdesk->getColumnVal('Title'))  ."", false, false, false, "", "", "", "");
}

Then you can delete your two hidden form elements. That way the file name can't be manipulated. Paths in other locations aren't relevant and can be left as they are.

Did this help? Tips are appreciated...

Email me with all replies to this thread

Title:

Public Message: (viewable by anyone reading this thread)
(do not cut and paste code into this field unless necessary, attach copies of your pages so they can be opened in Dreamweaver for debugging)

Type in the characters exactly as displayed below - if you don't complete the Captcha correctly you will get a blank page, so you may want to copy the text of your message before you submit!

Quote message in reply?

Private Message: (viewable only by you, the person you are replying to, and WebAssist employees)
(only put truly private information in this area such as ftp details and phone numbers. Keep as much of your post public as possible)

These attachments are private (viewable only by you, the person you are replying to, and WebAssist employees)

Manage Attachments

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

4/26/2022 2:49 pmRay BorduinWebAssist

Build websites with a little help from your friends

Build websites from already-built web applications

Want your website pre-built and hosted?

Everything else!

U.S. 858.201.4911 | International +1.858.201.4911

We've earned your trust.

Connect with us.

Post a question as

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

Directory traversal attacks

4/26/2022 2:49 pmRay BorduinWebAssist

Build websites with a little help from your friends

Build websites from already-built web applications

Want your website pre-built and hosted?

Everything else!

U.S. 858.201.4911 | International +1.858.201.4911

We've earned your trust.

Connect with us.

Rate your experience or provide feedback on this page

We were unable to retrieve the attached file

Post a question as

Attach and remove files

Enter the URL you would like to link to in your post

This is how you use right click RTF editing