sford999 Posted January 3, 2007 Share Posted January 3, 2007 Hi allI`m writing a script for a friend who`s been hit buy certain cracking teams and they`ve uploaded shell scripts onto his server.What I`m looking to do, is list all the files in a directory (already done) and check the mime type, if the mime type is valid, then it should report it as valid and carry onto the next file, but if it does find a suspect file, then it should flag him to check the file.eg:Good filetest.gif ------------- image/gifbad filetest2.gif ------------ [b][color=red]text/plain[/color][/b]I`ve written the script to show all the files in a directory, but I don`t know how or if its possible to check the mime type of the files.If someone could help, it`d be a great help.Also, is it possible to show all directories on a server? it would save a lot of time checking each directory individually as there`s in the region of 300 directories on the server hosting 20 sites. Link to comment https://forums.phpfreaks.com/topic/32646-validating-files-via-mime-type/ Share on other sites More sharing options...
fert Posted January 3, 2007 Share Posted January 3, 2007 it is possible to find all directories on a server with scandir (PHP 5) i don't know if it's possible to find mime type mabey with shell functions Link to comment https://forums.phpfreaks.com/topic/32646-validating-files-via-mime-type/#findComment-152032 Share on other sites More sharing options...
corbin Posted January 3, 2007 Share Posted January 3, 2007 Computers associate certain mime types based on file extensions, so you could just build an array of none allowed file extensions such as .com .cmd .bat .php etc and then compare each files extension to it.Example that assumes all the file names are in $files[code=php:0]$bad = array(".php",".com",".bat",".cmd");foreach($files as $k => $v) {$exts = explode(".", $v);if(count($exts) < 2) {$ext = $v;}else {$ext = $exts[count($exts -1)];}if(in_array(strtolower($ext), $bad)) {$badfiles[] = $v;}}And then $badfiles would contain the files that had bad file extensions...[/code] Link to comment https://forums.phpfreaks.com/topic/32646-validating-files-via-mime-type/#findComment-152036 Share on other sites More sharing options...
sford999 Posted January 4, 2007 Author Share Posted January 4, 2007 That wouldn`t work in this instance, because they hide the scripts by renaming the extension so they look like genuine files,eg:c99.php could be called image,gifThats why I`m looking for a way to check the mime type of the file so that it will detect if the mime type is correct against the file extension Link to comment https://forums.phpfreaks.com/topic/32646-validating-files-via-mime-type/#findComment-152669 Share on other sites More sharing options...
sford999 Posted January 5, 2007 Author Share Posted January 5, 2007 Anyone have any ideas? Link to comment https://forums.phpfreaks.com/topic/32646-validating-files-via-mime-type/#findComment-153250 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.