Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon.
sm@rty (Smarty Regular, joined 01 Oct 2014, 65 posts)
Posted: Fri Mar 13, 2015 8:52 pm    Post subject: security notice in smarty [very very very dangerous]!!!

Hi,
I found a security notice.
For example:
Code:
{$attacker_filename = ['attack1.php']}
{$attacker_content = ['<?php echo "hacked";?>']}
{array_map('file_put_contents',$attacker_filename,$attacker_content)}
All PHP functions like array_map can be dangerous.
AnrDaemon (Administrator, joined 03 Dec 2012, 1785 posts)
Posted: Fri Mar 13, 2015 10:04 pm

This is why you never allow random users to edit Smarty templates.
And generally disallow write access by the webserver to the parts of the site containing the code.
U.Tews (Administrator, joined 22 Nov 2006, 5068 posts, Hamburg / Germany)
Posted: Sat Mar 14, 2015 5:14 am

Enable Security and allow only trusted PHP functions.
sm@rty (Smarty Regular, joined 01 Oct 2014, 65 posts)
Posted: Sat Mar 14, 2015 7:06 am

U.Tews wrote: Enable Security and allow only trusted PHP functions.

Security is enabled, and the trusted PHP functions are (please test):
- array_map
- isset
- ...
The file_put_contents function does not exist in the php_functions property, but an attacker can execute it through another function like array_map or array_filter.
Some PHP functions like array_filter, array_map, etc. can execute any function because they accept a callable parameter! So every PHP function that accepts a callable parameter is dangerous.
Not dangerous?
mohrt (Administrator, joined 16 Apr 2003, 7368 posts, Lincoln Nebraska, USA)
Posted: Sat Mar 14, 2015 12:59 pm

If you trust a function like array_map you open that door yourself. Don't trust those functions, make a wrapper function instead. This only concerns template editors FYI.
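The following script is an added example, not code from this thread or from the Smarty project. It runs the template from the first post under the two policies the thread describes: a policy that lists array_map in php_functions (the write succeeds even though file_put_contents itself is not listed) and a policy with no callable-taking function, plus the wrapper approach mohrt suggests, where a registered modifier picks the callback from a fixed table instead of passing a template-supplied name through to array_map. Assumptions: Smarty 3.1 loaded through Composer autoload; the class names WeakPolicy and StrictPolicy, the modifier name safe_map and the temp-file paths are this example's own; the attacker template is the one from the first post with the target path redirected to a temp file.

```php
<?php
// Added example; not code from the original thread or from the Smarty project.
// Assumes Smarty 3.1 installed via Composer (smarty/smarty).
require_once __DIR__ . '/vendor/autoload.php';

// Weak policy from the thread: security is enabled, but array_map is trusted,
// so any PHP function is reachable through its callback argument.
class WeakPolicy extends Smarty_Security
{
    public $php_functions = ['isset', 'array_map'];
}

// Hardened policy: only functions that take no callable argument.
class StrictPolicy extends Smarty_Security
{
    public $php_functions       = ['isset', 'empty', 'count', 'in_array', 'is_array', 'time'];
    public $php_modifiers       = ['escape', 'count', 'nl2br'];
    public $static_classes      = [];
    public $allow_super_globals = false;
    public $allow_constants     = false;
}

// Wrapper modifier (hypothetical name "safe_map") for the legitimate need
// behind array_map: the callback is looked up by name in a fixed table, so a
// template can never supply an arbitrary callable.
function smarty_modifier_safe_map(array $items, $op)
{
    static $allowed = ['upper' => 'strtoupper', 'trim' => 'trim', 'int' => 'intval'];
    if (!isset($allowed[$op])) {
        throw new SmartyException("safe_map: operation '$op' is not permitted");
    }
    return array_map($allowed[$op], $items);
}

function buildSmarty($policyClass)
{
    $smarty = new Smarty();
    // Separate compile dir per policy and force_compile, so a compiled copy
    // produced under one policy is never reused under the other.
    $dir = sys_get_temp_dir() . '/smarty_compile_' . getmypid() . '_' . $policyClass;
    @mkdir($dir, 0700, true);
    $smarty->setCompileDir($dir);
    $smarty->force_compile = true;
    $smarty->registerPlugin('modifier', 'safe_map', 'smarty_modifier_safe_map');
    $smarty->enableSecurity($policyClass);
    return $smarty;
}

// Attacker template from the first post (constructed input); the target
// filename is supplied as a template variable instead of a webroot path.
$attackTpl = 'string:{$attacker_filename = [$target]}'
           . '{$attacker_content = [\'<?php echo "hacked";?>\']}'
           . '{array_map(\'file_put_contents\', $attacker_filename, $attacker_content)}';

// Run the attacker template under one policy; report whether the file was written.
function runAttack($policyClass, $attackTpl)
{
    $target = sys_get_temp_dir() . '/attack1_' . getmypid() . '.php';
    @unlink($target);
    $smarty = buildSmarty($policyClass);
    $smarty->assign('target', $target);
    try {
        $smarty->fetch($attackTpl);
        $outcome = 'template compiled and ran';
    } catch (SmartyException $e) {
        // StrictPolicy rejects array_map at compile time (exact message text
        // depends on the Smarty version).
        $outcome = 'rejected: ' . $e->getMessage();
    }
    $written = file_exists($target);
    @unlink($target);
    return [$outcome, $written];
}

foreach (['WeakPolicy', 'StrictPolicy'] as $policy) {
    list($outcome, $written) = runAttack($policy, $attackTpl);
    printf("%-13s %-70s file written: %s\n", $policy, $outcome, $written ? 'YES' : 'no');
}

// The legitimate use still works under StrictPolicy through the wrapper ...
$smarty = buildSmarty('StrictPolicy');
$smarty->assign('names', [' alice ', 'bob']);
echo $smarty->fetch('string:{$u = $names|safe_map:\'trim\'|safe_map:\'upper\'}'
                  . '{foreach $u as $n}{$n|escape} {/foreach}'), "\n";
// ... while a template-chosen callback outside the table is refused.
try {
    $smarty->fetch('string:{$names|safe_map:\'file_put_contents\'}');
} catch (SmartyException $e) {
    echo 'wrapper refused: ', $e->getMessage(), "\n";
}
```

The check to carry away from the thread: audit every entry in php_functions (and php_modifiers) for parameters that accept a callable (array_map, array_filter, array_walk, usort, call_user_func and the like); any such entry makes the whitelist equivalent to "all functions". Registering a named wrapper plugin keeps the whitelist meaningful because the set of reachable callbacks is fixed in PHP code rather than chosen in the template.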
Powered by phpBB © 2001, 2005 phpBB Group