Php Excessive Access Mode
Description
Detects PHP code that creates directories with overly permissive access modes using mkdir(). The last octal digit of the mode sets the permissions for all other users on the host, so modes ending in 7 (rwx) or 3 (wx) let any local user write into the directory, which could allow unauthorized access to or modification of sensitive directories.
Detection Strategy
• Identifies calls to PHP mkdir() function
• Checks if the permission mode parameter (second argument) ends with '7' or '3'
• Reports vulnerability when directories are created with excessive permissions (modes ending in 7 for rwx or 3 for wx access)
• Example vulnerable code: mkdir('/path/dir', 0777) or mkdir('/path/dir', 0773)
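The detection strategy above, implemented as a small static check over PHP source. This is an added example, not Fluid Attacks' own rule code: it locates mkdir() calls, splits the argument list, parses the mode literal (octal with a leading 0 or 0o, as PHP accepts), and flags the call when the "others" digit is 7 or 3. It goes slightly beyond the rule as stated by also reporting calls that omit the mode entirely, since PHP's documented default for mkdir() is 0777. Non-literal modes (variables, constants) are skipped because they cannot be decided statically. The sample PHP source is constructed for the example.

```python
import re
from typing import List, Optional, Tuple

# Matches a PHP mkdir() call and captures its argument list.
# Assumption: no parentheses nested inside the argument list.
MKDIR_CALL = re.compile(r"\bmkdir\s*\(([^()]*)\)")


def split_args(arglist: str) -> List[str]:
    """Split a PHP argument list on commas, ignoring commas inside string literals."""
    args, current, quote = [], "", None
    for ch in arglist:
        if quote:
            current += ch
            if ch == quote:
                quote = None
        elif ch in ("'", '"'):
            quote = ch
            current += ch
        elif ch == ",":
            args.append(current.strip())
            current = ""
        else:
            current += ch
    if current.strip():
        args.append(current.strip())
    return args


def parse_mode(literal: str) -> Optional[int]:
    """Parse a PHP integer literal used as the mode; return None if it is not a literal."""
    lit = literal.strip().lower().replace("_", "")  # PHP allows '_' as a digit separator
    try:
        if lit.startswith("0o"):
            return int(lit[2:], 8)
        if lit.startswith("0x"):
            return int(lit[2:], 16)
        if lit.startswith("0b"):
            return int(lit[2:], 2)
        if lit.startswith("0") and len(lit) > 1:
            return int(lit, 8)  # classic leading-zero octal such as 0777
        return int(lit, 10)
    except ValueError:
        return None  # a variable, constant or expression: not decidable here


def is_excessive(mode: int) -> bool:
    """The rule's criterion: the 'others' octal digit is 7 (rwx) or 3 (wx)."""
    return (mode & 0o7) in (0o7, 0o3)


def find_excessive_mkdir(php_source: str) -> List[Tuple[int, str, str]]:
    """Return (line number, matched call, reason) for every mkdir() that violates the rule."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        for m in MKDIR_CALL.finditer(line):
            args = split_args(m.group(1))
            if len(args) < 2:
                # Extension beyond the rule: PHP's default mode when omitted is 0777
                findings.append((lineno, m.group(0), "mode omitted (PHP default 0777)"))
                continue
            mode = parse_mode(args[1])
            if mode is None:
                continue
            if is_excessive(mode):
                others = "rwx" if (mode & 0o7) == 0o7 else "wx"
                findings.append((lineno, m.group(0), f"mode 0{mode:o} grants others {others}"))
    return findings


# Constructed sample input: one file mixing compliant and non-compliant calls.
SAMPLE_PHP = """<?php
mkdir("../upload/files.php", 0777, true);
mkdir($safe_path, 0755, true);
mkdir('/tmp/shared', 0773);
mkdir('/tmp/nomode');
mkdir($dir, $mode);
"""

if __name__ == "__main__":
    for lineno, call, reason in find_excessive_mkdir(SAMPLE_PHP):
        print(f"line {lineno}: {call} -> {reason}")
```

Run against the sample, the checker reports lines 2 and 4 (modes 0777 and 0773) and line 5 (mode omitted), and stays silent on line 3 (0755) and line 6 (mode held in a variable).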
Vulnerable code example

<?php
// Dangerous: 0777 grants read, write and execute to every user on the host,
// and the relative "../" path is used without validation
mkdir("../upload/files.php", 0777, true);
?>

✅ Secure code example
<?php
$base_dir = '/var/www/uploads'; // Fixed base directory
$real_base = realpath($base_dir); // Canonical absolute path; false if the directory does not exist
if ($real_base === false) {
    exit('Base directory is missing');
}
$safe_path = $real_base . '/files'; // Build the target path from the canonical base
if (strpos($safe_path, $real_base . '/') === 0) { // Verify the target stays inside the base directory
    mkdir($safe_path, 0755, true); // Owner rwx, group and others r-x only; the effective mode is further reduced by umask
}