PHP Snippet #01

This challenge covers the review of a snippet of code written in PHP

PRO
Tier
Easy
< 1 Hr.
1795

In this challenge, we examine a PHP function named list_files_for_user that takes a username as a parameter. The function creates a base directory named "files/username" if it doesn't already exist and then returns a list of files in that directory, excluding the current and parent directory references. However, the code is vulnerable to directory traversal attacks because it concatenates the username directly without validation.

If an attacker inputs a malicious username like ../../../etc, they could potentially traverse directories and read sensitive files like those in the /etc directory. To mitigate this risk, the developer should use the basename function to sanitize the username and remove any directory traversal sequences before concatenating it with the directory path "files/". This will ensure that only valid filenames are used, preventing unauthorized directory access.

Want to learn more? Get started with PentesterLab Pro! GOPRO