标签云

微信群

扫码加入我们

WeChat QR Code


there is a directory traversal vulnerability in this script! An attacker can pass in xfer.php?file=../../../passwd or whatever else they want! Be careful!!!

2018年12月11日08分31秒

this will blow up the server's memory limits if the files are too big and your traffic is high.. something i've experienced myself.

2018年12月11日08分31秒

how to fix the "directory traversal vulnerability" ?

2018年12月10日08分31秒

anarchOi: The easiest way would be to compare the GET parameter ($_REQUEST['file']) against a whitelist of known-good file names. For instance, a listing of all files in the directory you store your files. Make sure you only use that directory for storing files you want to be downloadable...

2018年12月11日08分31秒

tmsimont, Have you found out any ways of lowering memory consumption?

2018年12月10日08分31秒