Question
So, my script allows people to write content into a .txt file and save it on the server. They can currently write anything they want to. This is the method I'm using to save the file.
https://stackoverflow.com/questions/16973595
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian<?php
$victim = $_POST['victim'];
$user = $_POST['user'];
$comment = $_POST['comment'];
$IP = $_POST['IP'];
$data = "$victim | $user | $comment | $IP\n";
//open the file and choose the mode
$fh = fopen($victim.".txt", "a");
fwrite($fh, $data); //close the file fclose($fh);
print "User Submitted";
echo "URL is mysite.com/".$victim.".txt"
?>
My question is - is there anything they could write that would damage the way my server works?
Solution
Sure. I can send this string as your victim POST argument:
/var/www/your_website/index.php\0
And you'll modify index.php. The \0 makes PHP ignore the .txt extension. In user, I could send some PHP code and append it into your index page, which is pretty bad.
OTHER TIPS
This is an impossible question to answer because there are so many possibilities. One thing that I see is that someone could upload executable code or script. If the attacker can then cause the server to process the script in some way it could lead to compromise of the server. If the text file is ever served out to another user, you have a XSS vulnerability.
Yes. Depending on your server configuration, for example people could provide an URL (for example http://someotherpage/somepage?) as the victim argument and thereby make PHP open a HTTP (or some other kind of possibly malicious) connection. You propably don't want this to happen.
