duanqi5114
2018-07-14 20:19
Views: 74
Accepted

WAMP server: how to prevent access above the root folder via dot dot slash

How can I prevent access above root? (by dot dot slash)

I can see all files in the partition.

To test access I wrote this script & added a Go UP link:

<?php
$PartialPath = @$_GET['p'];
if(empty($PartialPath)){
    $PartialPath = '';
}else{
    $PartialPath = "\\".$PartialPath;
}
$PartialPath_Root = dirname(__FILE__);

$ScanPath = $PartialPath_Root . $PartialPath;
echo 'Scan: ',$ScanPath,'<br><br>';

$Files_arr = scandir($ScanPath);
foreach ($Files_arr as $file) {
    if ('.' === $file){}
    else if ('..' === $file){ echo '<a href="?p=',$PartialPath,'../" target="_self">.. GO UP </a><br><br>'; }
    else{ echo $file,'<br>'; }
}
?>

Using @Hamidreza Kalantari's answer

I created a filter to detect if path is outside of root:

if(Func_AllowOnlyRootPath($PartialPath) == "1"){
    // continue...
}else{
    echo '<br>unsecure path - outside root<br>'; 
    //die('Directory Traversal Prevented');
}

echo '<br>PartialPath: ',$PartialPath, '<br>';

// Returns "1" when the resolved path starts with the document root, "0" otherwise.
function Func_AllowOnlyRootPath($VerifyPath){
    if(empty($VerifyPath)){ return "1"; }
    $real_path = realpath($VerifyPath);
    if(strpos($real_path, ($_SERVER['DOCUMENT_ROOT'])) !== 0){ return "0"; }
    return "1";
}

// Returns "1" when the resolved path starts with this script's folder, "0" otherwise.
function Func_AllowOnlyPhpScriptPath($VerifyPath){
    if(empty($VerifyPath)){ return "1"; }
    $real_path = realpath($VerifyPath);
    if(strpos($real_path, (dirname(__FILE__))) !== 0){ return "0"; }
    return "1";
}
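
A containment check for the `?p=` listing script above, as an added example (not the poster's code and not from the referenced answer): it canonicalises the joined path rather than the user fragment alone, and compares it against the canonicalised root plus a trailing separator. The function name `resolve_inside_root()` and the choice of the script's folder as the root are assumptions made for illustration.

```php
<?php
// Added example. resolve_inside_root() is an illustrative name, not a PHP built-in.
// Returns the canonical path of $root/$userPath, or null when the result
// does not exist or lies outside $root.
function resolve_inside_root(string $root, string $userPath): ?string
{
    $rootReal = realpath($root);              // canonical form of the allowed root
    if ($rootReal === false || strpos($userPath, "\0") !== false) {
        return null;
    }
    // Canonicalise the JOINED path: realpath() collapses "." and ".." and
    // follows symlinks, so the comparison below sees the real target.
    $candidate = realpath($rootReal . DIRECTORY_SEPARATOR . $userPath);
    if ($candidate === false) {
        return null;                          // nonexistent path: reject
    }
    if ($candidate === $rootReal) {
        return $candidate;                    // the root itself is allowed
    }
    // Compare against "root + separator" so a sibling such as "www2"
    // does not pass a prefix test meant for "www".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($candidate, $prefix, strlen($prefix)) === 0 ? $candidate : null;
}

$root = __DIR__;                              // assumption: listing root is the script's folder

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs, so the check can be exercised offline.
    foreach (['', '.', '..', '../..', 'x/../../..'] as $p) {
        printf("%-12s => %s\n", var_export($p, true),
            resolve_inside_root($root, $p) === null ? 'rejected' : 'allowed');
    }
    exit;
}

$p   = isset($_GET['p']) && is_string($_GET['p']) ? $_GET['p'] : '';
$dir = resolve_inside_root($root, $p);
if ($dir === null || !is_dir($dir)) {
    http_response_code(403);
    exit('Path rejected');
}
foreach (scandir($dir) as $entry) {
    if ($entry !== '.' && $entry !== '..') {
        echo htmlspecialchars($entry, ENT_QUOTES, 'UTF-8'), "<br>\n";
    }
}
```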
