I have a page that will take the GET parameter "filename", append it to the current working directory, then the downloads folder, and send a download attachment for that file.
http://jammersbase.ath.cx/download?f...e=oxygene4.mid
Is there any way somebody could manipulate this by possibly lowering a directory then downloading main.py or something to gain access to my source?
I think I may have made it safe by making oxygene4 in a folder up from the main folder, because if they used a / to go up a folder, it will think you're looking for the folder oxygene4.
Meh, I think I'm just babbling. Exploits anyone?
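An added example, not part of the original post: one way a Python download handler can confine the requested filename to the downloads folder by resolving the path first and then checking containment. The function name `resolve_download` and the constructed directory layout (a `main.py` beside a `downloads` folder) are assumptions for illustration.

```python
import os
import tempfile


def resolve_download(base_dir, filename):
    """Return the real path of filename inside base_dir, or None if it is not allowed."""
    try:
        base = os.path.realpath(base_dir)
        # realpath collapses ".." segments and follows symlinks, so the check
        # below runs on the path that would actually be opened.
        # os.path.join drops base entirely when filename is absolute; the
        # containment check catches that case as well.
        candidate = os.path.realpath(os.path.join(base, filename))
        if os.path.commonpath([base, candidate]) != base:
            return None
    except ValueError:
        # Embedded NUL bytes or unrelated drives: treat as a rejected request.
        return None
    # Only regular files are served; the base directory itself is refused.
    return candidate if os.path.isfile(candidate) else None


def demo():
    """Build a constructed layout and report which requests would be served."""
    with tempfile.TemporaryDirectory() as root:
        downloads = os.path.join(root, "downloads")
        os.mkdir(downloads)
        source_file = os.path.join(root, "main.py")
        open(source_file, "w").close()
        open(os.path.join(downloads, "oxygene4.mid"), "w").close()

        requests = {
            "plain name": "oxygene4.mid",
            "parent reference": "../main.py",
            "absolute path": source_file,
            "missing file": "missing.mid",
        }
        return {label: resolve_download(downloads, name) is not None
                for label, name in requests.items()}


if __name__ == "__main__":
    for label, served in demo().items():
        print(f"{label}: {'served' if served else 'rejected'}")
```
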