Php Unsafe File Inclusion
Description
Detects PHP code patterns that could allow path traversal attacks through unsafe file operations. This vulnerability occurs when file operations (like includes or moves) use unsanitized user input, potentially allowing attackers to access files outside intended directories.
Detection Strategy
• Check for PHP import statements (include, require) that use variables or expressions without proper path sanitization
• Identify dangerous file operation functions (move_uploaded_file, mkdir, copy) that accept user-controllable input as parameters
• Analyze if the file path parameter in these operations comes from user input sources like $_GET, $_POST, or other untrusted data
• Report a vulnerability if file operations use unsanitized user input in path parameters
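The following is an added example, not Fluid Attacks' rule implementation: a small PHP token-based scanner that approximates the four detection steps above. A first pass records variables assigned directly from a superglobal (flow-insensitive taint); a second pass flags include/require statements and calls to move_uploaded_file, mkdir and copy whose argument tokens reference a superglobal or one of those variables. Function names and the sample source are assumptions for illustration.

```php
<?php
// Added example, not Fluid Attacks' rule implementation: a token-based
// scanner approximating the four detection steps above. Pass 1 records
// variables assigned from a superglobal (flow-insensitive taint); pass 2
// flags include/require statements and move_uploaded_file/mkdir/copy calls
// whose argument tokens reference a superglobal or a tainted variable.
// Function names and the sample source are assumptions for illustration.

const SINK_FUNCTIONS = ['move_uploaded_file', 'mkdir', 'copy'];
const USER_INPUT_SOURCES = ['$_GET', '$_POST', '$_REQUEST', '$_COOKIE', '$_FILES'];
const INCLUDE_TOKENS = [T_INCLUDE, T_INCLUDE_ONCE, T_REQUIRE, T_REQUIRE_ONCE];

/** Tokens from $start up to the next ';' at bracket depth 0. */
function statementTokens(array $tokens, int $start): array
{
    $out = [];
    $depth = 0;
    for ($i = $start, $n = count($tokens); $i < $n; $i++) {
        $t = $tokens[$i];
        if ($t === '(' || $t === '[') {
            $depth++;
        } elseif ($t === ')' || $t === ']') {
            $depth--;
        } elseif ($t === ';' && $depth <= 0) {
            break;
        }
        $out[] = $t;
    }
    return $out;
}

/** True if any token is a variable present in the tainted set. */
function referencesTainted(array $tokens, array $tainted): bool
{
    foreach ($tokens as $t) {
        if (is_array($t) && $t[0] === T_VARIABLE && isset($tainted[$t[1]])) {
            return true;
        }
    }
    return false;
}

/** Return human-readable findings for one PHP source string. */
function scanPhpSource(string $source): array
{
    $tokens = token_get_all($source);
    $n = count($tokens);
    $tainted = array_fill_keys(USER_INPUT_SOURCES, true);
    $findings = [];

    // Pass 1: "$x = <expression containing a tainted variable>;" taints $x.
    for ($i = 0; $i < $n; $i++) {
        $t = $tokens[$i];
        if (!is_array($t) || $t[0] !== T_VARIABLE) {
            continue;
        }
        $j = $i + 1; // skip whitespace to the next significant token
        while ($j < $n && is_array($tokens[$j]) && $tokens[$j][0] === T_WHITESPACE) {
            $j++;
        }
        if ($j < $n && $tokens[$j] === '='
            && referencesTainted(statementTokens($tokens, $j + 1), $tainted)) {
            $tainted[$t[1]] = true;
        }
    }

    // Pass 2: includes and file-operation sinks fed by tainted data.
    for ($i = 0; $i < $n; $i++) {
        $t = $tokens[$i];
        if (!is_array($t)) {
            continue;
        }
        [$id, $text, $line] = $t;
        $args = statementTokens($tokens, $i + 1);
        if (in_array($id, INCLUDE_TOKENS, true) && referencesTainted($args, $tainted)) {
            $findings[] = sprintf('line %d: %s path derived from user input', $line, $text);
        } elseif ($id === T_STRING && in_array(strtolower($text), SINK_FUNCTIONS, true)
            && referencesTainted($args, $tainted)) {
            $findings[] = sprintf('line %d: %s() receives a user-controlled path', $line, $text);
        }
    }
    return $findings;
}

// Constructed sample mirroring the vulnerable pattern on this page.
$sample = <<<'PHP'
<?php
$user_input = $_REQUEST['input'];
$filename = $_GET['filename'];
$upload_path = $_POST['path'];
require_once $user_input;
move_uploaded_file($_FILES['f']['tmp_name'], $upload_path . '/' . $filename);
require_once 'config.php';
PHP;

foreach (scanPhpSource($sample) as $finding) {
    echo $finding, PHP_EOL;
}
```

The scanner recognises no sanitizers, so an include guarded by an allowlist check (as in the secure example on this page) is still reported; findings are review candidates rather than confirmed vulnerabilities, which is how a rule of this kind is normally triaged. A literal include such as require_once 'config.php' is never reported because its argument contains no variable.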
Vulnerable code example
<?php
// User controlled input without validation
$user_input = $_REQUEST['input'];
$filename = $_GET['filename'];
$upload_path = $_POST['path'];
// Dangerous: Directly using user input in file operations
require_once $user_input; // Vulnerable - allows inclusion of arbitrary files...
✅ Secure code example
<?php
// Define allowed paths and files
$ALLOWED_INCLUDES = ['config.php', 'functions.php', 'templates.php'];
$UPLOAD_BASE_DIR = '/var/www/uploads/'; // Base directory for uploads
$ALLOWED_EXTENSIONS = ['jpg', 'png', 'pdf']; // Restrict file types
// Sanitize and validate include file
$user_input = $_REQUEST['input'] ?? '';...
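The following is an added example, not the page's own secure snippet: one way to finish the allowlist validation that snippet begins, reusing its variable names. resolveInclude() accepts only names listed in $ALLOWED_INCLUDES, compared strictly and without normalising the input first. resolveUploadTarget() rejects any directory component in the client-supplied name, enforces the extension allowlist and confirms with realpath() that the destination stays under the upload base directory. The function names, the helper isInsideDirectory() and the sample values are assumptions.

```php
<?php
// Added example, not the page's own secure snippet: one way to finish the
// allowlist validation that snippet begins, reusing its variables.
// resolveInclude() accepts only names listed in $ALLOWED_INCLUDES;
// resolveUploadTarget() rejects any directory component, enforces the
// extension allowlist and confirms with realpath() that the destination
// stays under the upload base. Function names and sample values are assumptions.

$ALLOWED_INCLUDES = ['config.php', 'functions.php', 'templates.php'];
$UPLOAD_BASE_DIR = '/var/www/uploads/'; // pass this as $baseDir in production
$ALLOWED_EXTENSIONS = ['jpg', 'png', 'pdf'];

/** Map a requested include name to a path, or null unless it is allowlisted. */
function resolveInclude(string $requested, array $allowed, string $baseDir = __DIR__): ?string
{
    // Strict comparison, no normalisation of the input first: "../config.php",
    // "config.php/" or a name with an embedded NUL simply never matches.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    return $baseDir . DIRECTORY_SEPARATOR . $requested;
}

/** True if the parent of $path resolves to a location under $base (fails closed). */
function isInsideDirectory(string $path, string $base): bool
{
    $realBase = realpath($base);
    $realParent = realpath(dirname($path));
    if ($realBase === false || $realParent === false) {
        return false; // missing directory: refuse rather than guess
    }
    $realBase = rtrim($realBase, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $realParent = rtrim($realParent, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($realParent, $realBase, strlen($realBase)) === 0;
}

/** Destination path for an upload, or null if the name or location is unacceptable. */
function resolveUploadTarget(string $userName, string $baseDir, array $allowedExt): ?string
{
    if ($userName === '' || strpos($userName, "\0") !== false) {
        return null;
    }
    // basename() strips directory components; requiring equality with the
    // original rejects anything that contained a separator or "..".
    $name = basename($userName);
    if ($name !== $userName || $name === '.' || $name === '..') {
        return null;
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return null;
    }
    $candidate = rtrim($baseDir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR . $name;
    // Defence in depth: even a well-formed name must land inside the base.
    return isInsideDirectory($candidate, $baseDir) ? $candidate : null;
}

// Constructed demonstration. realpath() needs an existing directory, so a
// temporary one stands in for $UPLOAD_BASE_DIR here.
$demoBase = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'uploads_demo';
if (!is_dir($demoBase)) {
    mkdir($demoBase, 0700);
}
foreach (['report.pdf', '../../etc/passwd', 'shell.php', 'photo.PNG', 'a.pdf/..'] as $name) {
    printf("%-18s => %s\n", $name, resolveUploadTarget($name, $demoBase, $ALLOWED_EXTENSIONS) ?? 'rejected');
}
foreach (['config.php', '../config.php', 'php://input'] as $requested) {
    printf("%-18s => %s\n", $requested, resolveInclude($requested, $ALLOWED_INCLUDES) ?? 'rejected');
}
```

The caller includes only the non-null result of resolveInclude() and passes only the non-null result of resolveUploadTarget() to move_uploaded_file(). Two design choices matter: the include allowlist is matched before any transformation of the input, so there is no normalisation step for an attacker to exploit, and the realpath() containment check refuses when the base directory does not exist instead of falling back to string comparison.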