PHP Snippet #01

This challenge covers the review of a snippet of code written in PHP

< 1 Hr.


In this challenge, we examine a PHP function named `list_files_for_user` that takes a username as a parameter. The function creates a base directory named "files/username" if it doesn't already exist and then returns a list of files in that directory, excluding the current and parent directory references. However, the code is vulnerable to directory traversal attacks because it concatenates the username directly without validation.

If an attacker inputs a malicious username like `../../../etc`, they could potentially traverse directories and read sensitive files like those in the `/etc` directory. To mitigate this risk, the developer should use the `basename` function to sanitize the username and remove any directory traversal sequences before concatenating it with the directory path "files/". This will ensure that only valid filenames are used, preventing unauthorized directory access.

Want to learn more? Get started with PentesterLab Pro! GO PRO