
Thread: PHP download management

  1. #11
    Senior Member
    Join Date
    Jul 2004
    Posts
    548
    Sure. Here's the code I used:
    PHP Code:
    <?php

    if (!empty($file_id)) {

        // Redirect to the file that matches the requested ID
        switch ($file_id) {
        case 0:
           echo "Please specify a file ID";
           break;
        case 1:
           header("Location: ./data/download1.zip");
           break;
        case 2:
           header("Location: ./data/download2.zip");
           break;
        default:
           echo "No file found with that id";
        }

        exit();

    } else {
        echo "Please specify a file ID";
    }

    ?>
    Thanks,

    -jk

  2. #12
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    Do you have register_globals on? I think to do it like that you need register_globals on, unless you didn't include some code where you set $file_id = $_GET['file_id']. Otherwise, make all occurrences of $file_id in your code $_GET['file_id'].

  3. #13
    Senior Member
    Join Date
    Jul 2004
    Posts
    548
    Hmm...aren't there any security issues in using register_globals? I seem to have read quite a lot of comments which advise against using it.

    I thought this was going to be easier - hehe! :S

    [edit] Changing all occurrences of $file_id to $_GET['file_id'] didn't work either...

  4. #14
    Senior Member
    Join Date
    Jul 2004
    Posts
    548
    Just for completeness... Here's how I did it in the end (I'm not sure where I got this from - kudos to the author):
    PHP Code:
    <?php

    // Fix for IE caching or PHP bug issue
    header("Pragma: public");
    header("Expires: 0"); // set expiration time
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    // browser must download file from server instead of cache

    // Force download dialog
    // (each header() call replaces the previous Content-Type; the last one is sent)
    header("Content-Type: application/force-download");
    header("Content-Type: application/octet-stream");
    header("Content-Type: application/download");

    // Path to file and filename
    $path = "data/Filetodownload.zip";
    $filename = "Filetodownload.zip";

    // Use the Content-Disposition header to supply a
    // recommended filename and
    // force the browser to display the save dialog.
    header("Content-Disposition: attachment; filename=".$filename.";");
    header("Content-Transfer-Encoding: binary");
    header("Content-Length: ".filesize($path));

    // Stream the file contents to the client
    readfile($path);

    ?>
    It wouldn't be hard to add cases in there, etc.

    However, I have a question (which I am unable to try out for myself at the moment) - if you used this method to download a file, would you be able to work out the actual location of the file by sniffing and inspecting the packets with Wireshark?

    Thanks,

    -jk

  5. #15
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    That's a good question, and I believe the answer is no. I remember trying that once and that header you're returning looks very familiar. The reason I tried it is because I use command line with wget on nix, and I was looking for URLs in a normal browser on windows, then typing them out on my linux box. And I couldn't get a direct path to a file that used something that was very similar, if not the same thing as what you describe.

  6. #16
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    If you used this method to download a file, would you be able to work out the
    actual location of the file by sniffing and inspecting the packets with Wireshark?
    The answer, indeed, is no. The reason:

    1. The client himself has no access to the unparsed php-script, and thus to $path

    2. After parsing the php-script, there is no information left in the generated data
    (which is sent to the client) of $path. Basically, you are creating your own
    http-"application-packet". You could look at it simply with burpproxy[1].

    3. There is no information in lower layers about the path of the file.

    However, there might be a way to obtain the information - namely in the file, which
    you send, itself. Assume you are sending a word-document with the filepath-variable set ...


    Cheers

    [1] http://freshmeat.net/projects/burpproxy/
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  7. #17
    Senior Member
    Join Date
    Jul 2004
    Posts
    548
    Thanks to both of you! sec_ware, you have a very good point - there are no fields in the header which display the location of the file, and so any collected packets wouldn't show up anything useful.

    Luckily, I modified the script beforehand to make sure this wasn't possible (although I wasn't sure if there was another method through which it could be obtained). The script previously read:
    PHP Code:
    header("Content-Disposition: attachment; filename=".$path.";"); 
    I then added the constant '$filename', and put that as the filename instead, because before any downloaded files would have the filename 'dir1-dir2-filename' (eg. 'data-Abstract.zip'), which gave away the original path.

    Thanks

    -jk
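
Added example, not code from any poster in this thread: one way to combine the file-ID lookup from post #11, the explicit `$_GET` read suggested in #12, the `readfile()` approach from #14 and the filename point from #17. The `DOWNLOAD_DIR` location, the `DOWNLOADS` map and both function names are assumptions made for illustration.

```php
<?php
// Added example: directory, map and function names are placeholders.

// Files live outside the web root, so they cannot be fetched by URL directly.
const DOWNLOAD_DIR = __DIR__ . '/../private_data';

// Allowlist: the client only ever supplies an ID, never a path.
const DOWNLOADS = [
    1 => 'download1.zip',
    2 => 'download2.zip',
];

/** Return the absolute path for a requested ID, or null if it is not allowlisted. */
function resolve_download($rawId): ?string
{
    // Accept only a positive integer; null, arrays and strings like "1/../x" fail.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || !array_key_exists($id, DOWNLOADS)) {
        return null;
    }
    $path = DOWNLOAD_DIR . '/' . DOWNLOADS[$id];
    return (is_file($path) && is_readable($path)) ? $path : null;
}

/** Stream the file; only its base name appears in the response headers. */
function send_download(string $path): void
{
    // basename() keeps directory components out of the suggested filename,
    // which is the leak described in post #17.
    $name = basename($path);
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

// Read the ID from $_GET explicitly instead of relying on register_globals.
$path = resolve_download($_GET['file_id'] ?? null);
if ($path === null) {
    http_response_code(404);
    exit('No file found with that id');
}
send_download($path);
```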
