PHP bug or what?

i made a slight mistake on my PHP code this afternoon and some weird thing happened. just to make sure that this was not some random error, i repeated this several times using both my root and regular users to run the program. the same thing came out.

here are the few lines that caused this:

$source=$_FILES[‘$fsource’][‘$name’]; // this is the line where i made the mistake.
move_uploaded_file($_FILES[‘fsource’][‘tmp_name’],$source);
extractExports($source);

simple breakdown on the code:

  • $source is just a pointer to the file w/c gets uploaded. this file is a tar-bzipped archive.
  • the function extractExports($source) is my wrapper to a PEAR class. File_Archive to be exact.
  • the process then extracts the archive into a folder.

the error:

  • $_FILES[‘$fsource’][‘$name’] is obviously wrong.
  • [‘$fsource’] and [‘$name’] should’ve been [‘source’] and [‘name’] instead.

what came out:

etc/
skel/
udev/
rules.d/
…… (*.rules) <– a lot of udev rules for devices
… udev.conf
… fstab
… group
… mtab
… passwd

maybe i should report this ASAP to php.net. has anyone ever encountered anything like this? this might be an exploit or something.

Advertisements

2 thoughts on “PHP bug or what?

Add yours

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: