I have a folder on my HTTP server, http://localhost/webcam/. I'm trying to emulate the WebcamXP server, which works this way:
1. Get the request
2. If the file exists, WebcamXP shows it
For example:
http://webcamxp/home.html -> exists -> show
http://webcamxp/gallery/image.jpg -> exists -> show
http://webcamxp/12354512 -> it doesn't exist -> don't show
http://webcamxp/../../../../../../../../boot.ini -> it doesn't exist because Firefox replaces ../ with '' -> don't show
http://webcamxp/..%2f..%2f..%2f..%2f..%2fboot.ini -> exists -> show
I made this .htaccess, but it fails when it finds the %2f..%2f
Code:
RewriteEngine On
Options +FollowSymlinks
RewriteBase /webcam/
# Apply the rule only when the request is not an existing directory or file
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
# Pass the requested path to index.php as the query string
RewriteRule ^(.*)$ index.php?$1 [NE,L]
I think it is because I used {REQUEST_URI}, but I'm a newbie in this topic.
Thanks in advance
I read this post again, and I think that it isn't explained.
The purpose of my .htaccess is:
1. Show the files that exist
2. If the file or directory doesn't exist, then redirect all the traffic to a file called index.php
For example:
http://localhost/webcam/home.html -> exists -> show
http://localhost/webcam/123 -> doesn't exist -> redirect "123" to index.php
http://localhost/webcam/gallery/image.jpg -> exists -> show
http://localhost/webcam/gallery/imagen_s -> doesn't exist -> redirect "gallery/imagen_s" to index.php
http://localhost/webcam/any_char_here -> doesn't exist -> redirect "any_char_here" to index.php
Redirect the string after "/webcam/" to index.php if the file doesn't exist.
Edited:
I tested my .htaccess and it fails when the %2F is found in the request filename, for example:
http://localhost/webcam/string%2f
But when I test it in the query string, it doesn't fail:
http://localhost/webcam/string?things%2f
Another thing: I saw all the spam messages. You can change the CAPTCHA of this site, because the CAPTCHA is vulnerable, and that is why all those users can register...
You can read about captchas here: http://www.phpbb.com/blog/2008/08/28/captchas-in-phpbb/
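
The routing rules listed in the post above (show what exists, hand everything else to index.php), as an added Python example that is not part of the original post. It models the rules as the post states them, not Apache's own request handling; route, demo and the temporary docroot are hypothetical names and constructed data. It keeps the still-encoded string for index.php and flags requests whose decoded path would leave the folder, so they can be logged without serving anything outside it.

```python
import os
import tempfile
from urllib.parse import unquote, urlsplit

BASE = "/webcam/"  # URL prefix used in the post


def route(request_target, docroot):
    """Return (action, value, escapes_root) for a raw request target.

    "show":  value is an existing file or directory inside docroot.
    "index": value is the still-encoded string after BASE, for index.php.
    """
    path = urlsplit(request_target).path   # the query string is not part of the path
    if not path.startswith(BASE):
        return ("ignore", path, False)     # outside the folder the rules cover
    rest = path[len(BASE):]                # e.g. "gallery/image.jpg" or "string%2f"
    decoded = unquote(rest)                # "%2f" only becomes "/" at this point
    if "\x00" in decoded:                  # filesystem calls reject embedded NUL bytes
        return ("index", rest, False)
    root = os.path.realpath(docroot)
    candidate = os.path.realpath(os.path.join(root, decoded))
    inside = candidate == root or candidate.startswith(root + os.sep)
    if inside and os.path.exists(candidate):
        return ("show", candidate, False)
    # Not served: missing, or resolved outside docroot (flagged for logging).
    return ("index", rest, not inside)


def demo():
    """Classify the post's example requests against a constructed docroot."""
    targets = [
        "/webcam/home.html",
        "/webcam/gallery/image.jpg",
        "/webcam/123",
        "/webcam/gallery/imagen_s",
        "/webcam/string%2f",
        "/webcam/string?things%2f",
        "/webcam/..%2fboot.ini",
    ]
    with tempfile.TemporaryDirectory() as top:
        docroot = os.path.join(top, "webcam")
        os.makedirs(os.path.join(docroot, "gallery"))
        # Constructed files; boot.ini deliberately sits outside docroot.
        for rel in ("webcam/home.html", "webcam/gallery/image.jpg", "boot.ini"):
            open(os.path.join(top, rel), "w").close()
        return {t: route(t, docroot)[::2] for t in targets}
```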