
How I almost killed my server, and the repair, am I safe now

Posted: Fri Jan 06, 2006 3:59 pm
by stylus
I found a way that I can kill my server during development, and I want to know if there is anything else I should do to protect against it.

In my form, I ask how many accessories? and then have an input box. Just for the heck of it I hit the 9 key and held it for a second. When I submitted it the page was crunching for over a minute so I finally used task manager and closed the browser.

So I set the max length to 2, if they have more than 10 accessories there is something fishy anyways, so I have a limit of 99. Is my solution safe enough or can my form be easily exploited?

Code:

<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<form action="test_form.php" method="post">
<input type="text" name="field_count" size="2"  maxlength="2" value="<?php echo htmlspecialchars($_POST['field_count'], ENT_QUOTES); ?>">
<input name="submit" value="Go" type="submit" onClick="document.add_marginworksheet.submit()">
<table>
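<?PHP
      // As posted: the loop bound is taken straight from the request, with no server-side limit
      $field_count = $_POST['field_count'];
      for($i= 1;$i <= $field_count;++$i)
      {
         // Echoed POST values are escaped so they cannot break out of the value attribute
         echo "
                        <tr>
                           <td align=left width=90>Model:<br><input type=text size=10 name=\"model_$i\" value=\"".htmlspecialchars($_POST['model_'.$i], ENT_QUOTES)."\"></td>
                           <td align=left width=90>Description:<br><input type=text size=10 name=\"description_$i\" value=\"".htmlspecialchars($_POST['description_'.$i], ENT_QUOTES)."\"></td>
                           <td align=right width=90>Price:<br><input type=text size=10 name=\"price_$i\" value=\"".htmlspecialchars($_POST['price_'.$i], ENT_QUOTES)."\"></td>
                        </tr> ";
      }
?>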
</table>
<input type="submit" value="submit" name="Submit">
</form>
</body>
</html>

Posted: Fri Jan 06, 2006 4:07 pm
by John Cartwright
So I set the max length to 2, if they have more than 10 accessories there is something fishy anyways, so I have a limit of 99. Is my solution safe enough or can my form be easily exploited?
I don't see where you tried this in your code, but it would look something along the lines of

Code:

$max_fields = 100;
$field_count = intval($_POST['field_count']); // ensure the value is an integer
// clamp on the server; maxlength in the form only limits what a browser lets the user type
$field_count = ($field_count > $max_fields ? $max_fields : $field_count);

for($i= 1;$i <= $field_count;++$i) {
       // escape echoed POST values so they cannot break out of the value attribute
       echo "<tr>
                    <td align=left width=90>Model:<br><input type=text size=10 name=\"model_$i\" value=\"".htmlspecialchars($_POST['model_'.$i], ENT_QUOTES)."\"></td>
                    <td align=left width=90>Description:<br><input type=text size=10 name=\"description_$i\" value=\"".htmlspecialchars($_POST['description_'.$i], ENT_QUOTES)."\"></td>
                    <td align=right width=90>Price:<br><input type=text size=10 name=\"price_$i\" value=\"".htmlspecialchars($_POST['price_'.$i], ENT_QUOTES)."\"></td>
           </tr> ";
    }
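
An added example (not code from either poster) of the server-side check discussed in this thread: it rejects a missing, non-numeric or out-of-range count with `filter_var` instead of clamping it, and escapes every echoed value. It assumes PHP 7 or later; the function names, the sample requests and the ISO-8859-1 charset argument (taken from the form's meta tag) are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Names and sample requests are hypothetical.
const MAX_FIELDS = 99; // the limit the original poster settled on

// Row count from the request, or 0 if it is missing, non-numeric or out of range.
function field_count(array $post, int $max = MAX_FIELDS): int
{
    $n = filter_var($post['field_count'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => $max]]);
    return $n === false ? 0 : $n; // strict test: a valid "0" is not a failure
}

// Escape a submitted value for use inside a double-quoted HTML attribute.
function e($value): string
{
    return htmlspecialchars(is_string($value) ? $value : '', ENT_QUOTES, 'ISO-8859-1');
}

// Build the accessory rows; the loop bound is always between 0 and MAX_FIELDS.
function render_rows(array $post): string
{
    $html = '';
    for ($i = 1, $n = field_count($post); $i <= $n; ++$i) {
        $html .= "<tr>\n";
        foreach (['model', 'description', 'price'] as $name) {
            $key = "{$name}_{$i}";
            $html .= "  <td><input type=\"text\" size=\"10\" name=\"$key\" value=\""
                . e($post[$key] ?? '') . "\"></td>\n";
        }
        $html .= "</tr>\n";
    }
    return $html;
}

// Constructed requests. maxlength="2" only limits typing in a browser;
// a hand-built POST body can carry any value, so the server must check it.
$samples = [
    'normal'      => ['field_count' => '2', 'model_1' => 'A100'],
    'held-down 9' => ['field_count' => '99999999999999999999'],
    'over limit'  => ['field_count' => '100'],
    'negative'    => ['field_count' => '-5'],
    'array value' => ['field_count' => ['9', '9']],
    'markup'      => ['field_count' => '1', 'model_1' => '"><b>x</b>'],
];
foreach ($samples as $label => $post) {
    printf("%-12s rows=%d\n", $label, field_count($post));
}
echo render_rows($samples['markup']);
```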