
How to integrate file management in Vanilla

jackmaessen ✭✭✭
edited April 2015 in General Banter

I am testing a file management script to integrate into the Vanilla forum via Custom Pages.
I have made a custom page named filemanager.
The base folder it reads from is test, which is in the root.
As a standalone script it works fine: http://develop2.webprofis.nl/filemanager_standalone/filemanager.php?p=
But now I am having trouble with the path when using this script via Vanilla: http://develop2.webprofis.nl/filemanager

Here is the part of the code which is responsible for the path:

<?php
// Base folder (relative to document_root) ('', 'subfolder', 'subfolder/subfolder2' etc.)
$base_folder = 'test';
//...
define('DS', '/');

// clean_path() is defined in the attached file; this is a minimal stand-in so the
// fragment runs on its own (drops empty, "." and ".." segments and surrounding slashes).
if (!function_exists('clean_path')) {
    function clean_path($path) {
        $parts = array_filter(explode('/', str_replace('\\', '/', $path)),
            function ($s) { return $s !== '' && $s !== '.' && $s !== '..'; });
        return implode('/', $parts);
    }
}

$base_folder = clean_path($base_folder);
// true when the request arrived over HTTPS, directly or via a reverse-proxy header
$is_https = (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1))
    || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https');

// check $base_folder: fall back to the document root when the folder does not exist
$root_path = $_SERVER['DOCUMENT_ROOT'] . (!empty($base_folder) ? DS . $base_folder : '');
if (!is_dir($root_path)) {
    $base_folder = '';
}

// abs path for site
define('ROOT_PATH', $_SERVER['DOCUMENT_ROOT'] . (!empty($base_folder) ? DS . $base_folder : ''));
define('ROOT_URL', ($is_https ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . (!empty($base_folder) ? '/' . $base_folder : ''));
// URL of this script; PHP_SELF is the path of the script actually executing,
// so it changes when the file manager is included from another script
define('FM_URL', ($is_https ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);

And there are lots of redirects after deleting files, downloading, packing etc., like this:
redirect(FM_URL . '?p=' . urlencode($p));

What do I have to do to make this work on a custom page? The problem is with the path...

The complete file is attached.

Comments

  • x00 MVP
    edited April 2015

    File management through a web application is the tail wagging the dog.

    Just don't do it. You see it on cheap web hosts, in a heavily sandboxed area, but never on a front end unless they are stupid.

    Use the right tool for the job; don't waste your time with this, you are asking for trouble.

    grep is your friend.

  • Any basic XSS exploit means I can not only hijack your session, I could then control your files.

    You have given permission and ownership that you shouldn't be giving in the first place.

    grep is your friend.

  • jackmaessen ✭✭✭
    edited April 2015

    Is it really that dangerous? What I try to achieve is to give every member his own unique folder in which he can add files, create folders, rename, download etc. So I found this script and I was testing it in Vanilla, but I get stuck already with the path. So I thought: when this works in Vanilla, I will use the login session of the user to create his own folder (and he is locked into it) in which he can play...
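One way to do the "locked into his own folder" part described above, and to stop building redirect URLs from PHP_SELF (the source of the path trouble in the first post): an added example, not the thread's script and not Vanilla code. The storage root, the page URL, and the helper names are assumptions.

```php
<?php
// Added example (not the thread's script or Vanilla code): confine each member to
// their own folder under a fixed storage root, and build redirect URLs from a
// configured page URL instead of $_SERVER['PHP_SELF'].
// Assumptions: files live outside the web root at STORAGE_ROOT, the custom page
// is reachable at FM_PAGE_URL, and the caller passes the logged-in user's id.
declare(strict_types=1);

const STORAGE_ROOT = '/var/www/userfiles';                  // assumed, outside DOCUMENT_ROOT
const FM_PAGE_URL  = 'https://example.invalid/filemanager'; // assumed custom page URL

/** Directory that belongs to one member; created on first use. */
function user_root(int $userId): string
{
    $dir = STORAGE_ROOT . DIRECTORY_SEPARATOR . 'u' . $userId;
    if (!is_dir($dir) && !mkdir($dir, 0750, true)) {
        throw new RuntimeException('cannot create user folder');
    }
    return realpath($dir);
}

/**
 * Resolve the user-supplied "?p=" value inside the member's own folder.
 * Returns the absolute path, or null when it escapes the folder
 * (../ segments, an absolute path, a symlink pointing elsewhere) or does not exist.
 */
function resolve_in_user_root(int $userId, string $p): ?string
{
    $root = user_root($userId);
    // Reject NUL bytes and absolute paths before touching the filesystem.
    if (strpos($p, "\0") !== false || ($p !== '' && $p[0] === '/')) {
        return null;
    }
    // realpath() collapses ".." and follows symlinks, so the prefix check below
    // sees the real location, not the textual one.
    $target = realpath($root . DIRECTORY_SEPARATOR . $p);
    if ($target === false) {
        return null;
    }
    // Compare with the trailing separator so "/u1" does not match "/u10".
    $prefix = $root . DIRECTORY_SEPARATOR;
    if ($target !== $root && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

/** Redirect target built from the configured page URL, not from PHP_SELF. */
function fm_redirect_url(string $p): string
{
    return FM_PAGE_URL . '?p=' . rawurlencode($p);
}
```

Every delete, rename, download or pack operation should go through resolve_in_user_root() first and refuse a null result; the check does not help if some code path still uses the raw "?p=" value.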

  • Sure; in fact your idea is even worse than what I thought you were going to use it for. Especially if you are not restricting the use severely, you need to be skilled at sandboxing; otherwise they could upload anything malicious. It is the wrong solution to the problem anyway.

    Why do you need such a thing when people can use file sharing sites like Dropbox? They have far more experience with the security side of such services.

    grep is your friend.

  • You have a point... I do agree with you about the security.
