112.json
{
"file_path": "security_data/gpt3_security_vulnerability_scanner-main/Insecure File Uploads/Insomnihack_2019_l33t-hoster.php",
"vulnerability": "Vulnerabilities Detected:\n1. Potential Remote Code Execution vulnerability due to lack of input validation on uploaded files.\n2. Potential Directory Traversal vulnerability due to lack of input validation on uploaded files.\n3. Potential Cross-Site Scripting vulnerability due to lack of input validation on uploaded files.\n4. Potential Cross-Site Request Forgery vulnerability due to lack of input validation on uploaded files.",
"source code": "<?php\nif (isset($_GET[\"source\"]))\n die(highlight_file(__FILE__));\n\nsession_start();\n\nif (!isset($_SESSION[\"home\"])) {\n $_SESSION[\"home\"] = bin2hex(random_bytes(20));\n}\n$userdir = \"images/{$_SESSION[\"home\"]}/\";\nif (!file_exists($userdir)) {\n mkdir($userdir);\n}\n\n$disallowed_ext = array(\n \"php\",\n \"php3\",\n \"php4\",\n \"php5\",\n \"php7\",\n \"pht\",\n \"phtm\",\n \"phtml\",\n \"phar\",\n \"phps\",\n);\n\n\nif (isset($_POST[\"upload\"])) {\n if ($_FILES['image']['error'] !== UPLOAD_ERR_OK) {\n die(\"yuuuge fail\");\n }\n\n $tmp_name = $_FILES[\"image\"][\"tmp_name\"];\n $name = $_FILES[\"image\"][\"name\"];\n $parts = explode(\".\", $name);\n $ext = array_pop($parts);\n\n if (empty($parts[0])) {\n array_shift($parts);\n }\n\n if (count($parts) === 0) {\n die(\"Filename is empty\");\n }\n\n if (in_array($ext, $disallowed_ext, TRUE)) {\n die(\"Lorem ipsum dolor sit amet consectetur adipisicing elit.\");\n }\n\n $image = file_get_contents($tmp_name);\n if (mb_strpos($image, \"<?\") !== FALSE) {\n die(\"Lorem ipsum dolor sit amet consectetur adipisicing elit.\");\n }\n\n if (!exif_imagetype($tmp_name)) {\n die(\"Lorem ipsum dolor sit amet consectetur adipisicing elit.\");\n }\n\n $image_size = getimagesize($tmp_name);\n if ($image_size[0] !== 1337 || $image_size[1] !== 1337) {\n die(\"Lorem ipsum dolor sit amet consectetur adipisicing elit.\");\n }\n\n $name = implode(\".\", $parts);\n move_uploaded_file($tmp_name, $userdir . $name . \".\" . $ext);\n}\n\necho \"<h3>Your <a href=$userdir>files</a>:</h3><ul>\";\nforeach(glob($userdir . \"*\") as $file) {\n echo \"<li><a href='$file'>$file</a></li>\";\n}\necho \"</ul>\";\n\n?>\n\n<h1>Upload your pics!</h1>\n<form method=\"POST\" action=\"?\" enctype=\"multipart/form-data\">\n <input type=\"file\" name=\"image\">\n <input type=\"submit\" name=upload>\n</form>\n",
"language": "php",
"cwe_identifier": null,
"pattern_desc": null,
"line_number": null,
"line_text": null,
"pattern_id": null,
"rule": null,
"label": 1
}