Vulnerability description
Directory traversal (path traversal) occurs when an application builds a file path from user-controlled input without validating it. Sequences such as ".." or absolute paths then resolve to files outside the intended directory, so sensitive files or source code on the server are disclosed to the client.
Impact
May result in disclosure of sensitive information such as application source code, configuration files and other data stored on the server.
Remediation
Strictly validate file-path parameters and confine the resulting path to a designated directory. Do not let users control path-related parameters directly: have the client send an identifier that the server maps to a file name it owns, and verify that the final, canonicalised path still lies within the permitted directory.
Remediation examples
ASP vulnerable code example:
<%
' Vulnerable: the file name is taken straight from the query string and passed
' to Server.MapPath with no validation, so relative segments such as ".." or
' paths into other directories resolve to files the user should not be able
' to read.
Dim FileName
FileName = Request.QueryString("FileName")
Response.Clear
Response.ContentType = "application/octet-stream"
' The same raw value is also echoed into a response header.
Response.AddHeader "content-disposition", "attachment; filename=" & FileName
Set Stream = Server.CreateObject("ADODB.Stream")
Stream.Type = 1   ' adTypeBinary
Stream.Open
Stream.LoadFromFile Server.MapPath(FileName)
While Not Stream.EOS
    Response.BinaryWrite Stream.Read(1024 * 64)
Wend
Stream.Close
Set Stream = Nothing
Response.Flush
Response.End
%>
ASP fixed example:
<%
' Fixed: the client supplies only an identifier. GetFileNameByID is implemented
' by the application (for example a database or allow-list lookup) and returns
' a server-controlled file name, so no user-supplied path ever reaches MapPath.
' This example assumes it returns an empty string for an unknown ID.
Dim FileId, FileName, Stream
FileId = Request.QueryString("FileId")
FileName = GetFileNameByID(FileId)
If FileName = "" Then
    Response.Status = "404 Not Found"
    Response.End
End If
Response.Clear
Response.ContentType = "application/octet-stream"
Response.AddHeader "content-disposition", "attachment; filename=" & FileName
Set Stream = Server.CreateObject("ADODB.Stream")
Stream.Type = 1   ' adTypeBinary
Stream.Open
Stream.LoadFromFile Server.MapPath(FileName)
While Not Stream.EOS
    Response.BinaryWrite Stream.Read(1024 * 64)
Wend
Stream.Close
Set Stream = Nothing
Response.Flush
Response.End
%>
PHP remediation guideline:
In php.ini, set:
open_basedir = <path of the web directory on the server>, e.g. open_basedir = /var/www/html/
Note: end the path with a slash. open_basedir is a prefix match, so /var/www/html without the trailing slash would also permit /var/www/html-backup/. Several directories may be listed, separated by ":" on Unix (";" on Windows), and the value can be tightened per virtual host or with ini_set() at runtime (it can only be narrowed, never widened). open_basedir only restricts PHP's own file functions; it is a server-wide defence-in-depth control and does not replace path validation or the ID-based lookup in the application code itself. Restart PHP (php-fpm or the web server module) for php.ini changes to take effect.
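The two application-level controls described above, the indirect reference used in the ASP fix and confinement of the resolved path to a base directory, combined in one PHP download handler. This is an added example, not code from the original page: the directory /var/www/files, the FileId parameter and the ID-to-name map are hypothetical, and it assumes PHP 8 (str_contains, str_starts_with). open_basedir remains a separate, server-level layer underneath it.

```php
<?php
// Added example, not from the original page. Hypothetical: DOWNLOAD_DIR,
// the FileId parameter and the FILE_MAP contents. Requires PHP 8.
declare(strict_types=1);

// Layer 1: indirect reference (the pattern used in the ASP fix). The client
// sends an ID; the server owns the mapping to a file name, so no path-like
// data from the request ever reaches a filesystem call.
const DOWNLOAD_DIR = '/var/www/files';
const FILE_MAP = [
    '1001' => 'report-2023.pdf',
    '1002' => 'manual.pdf',
];

function fileNameById(string $id): ?string
{
    return FILE_MAP[$id] ?? null;
}

// Layer 2: canonicalise and confine. Even a trusted mapping is re-checked:
// the resolved path must be a regular file under the base directory. This
// catches a poisoned map entry, a symlink pointing outside the directory,
// or a later refactor that lets request data reach $name.
function resolveInsideBase(string $baseDir, string $name): ?string
{
    // Map values are expected to be flat file names; refuse separators and NULs.
    if ($name === ''
        || str_contains($name, '/')
        || str_contains($name, '\\')
        || str_contains($name, "\0")) {
        return null;
    }
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $real === false || !is_file($real)) {
        return null;
    }
    // Compare with a trailing separator: the bare prefix "/var/www/files"
    // would also accept "/var/www/files2/anything".
    if (!str_starts_with($real, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $real;
}

function sendDownload(string $id): void
{
    $name = fileNameById($id);
    $path = $name === null ? null : resolveInsideBase(DOWNLOAD_DIR, $name);
    if ($path === null) {
        // Unknown ID, or a name that did not resolve inside the base directory.
        http_response_code(404);
        exit;
    }
    header('Content-Type: application/octet-stream');
    // basename() and the quotes keep the header value to a plain file name;
    // $name is server-controlled, but the header is hardened anyway.
    header('Content-Disposition: attachment; filename="' . basename($name) . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

sendDownload((string) ($_GET['FileId'] ?? ''));
```

realpath() resolves symlinks before the prefix comparison, so a link placed inside the download directory that points elsewhere is rejected along with ".." segments. If open_basedir is also configured, a file that slips past both checks is still refused by PHP's file functions, which is why the two controls are worth running together.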