Page 1 of 1
Counting wasted time...
Posted: Wed Apr 02, 2008 12:16 am
by JAB Creations
Code: Select all
<?php
if (!isset($_GET['number'])) {$a = 1;}
else {$a = $_GET['number'] + 1;}
$b = $a+ 1;
$self = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?number='.$a;
header("refresh: 1; url=$self");
echo 'You have wasted '.$a.' seconds of your life.';
?>
...at what point should I become concerned?

Re: Counting wasted time...
Posted: Wed Apr 02, 2008 4:58 am
by Mordred
JAB Creations wrote:...at what point should I become concerned?

Concerned about the couple of security holes in there, or the generic lack of life (tm) of both the author and the paranoid freak that looks for security holes in joke code?
It's pretty serious either way

Re: Counting wasted time...
Posted: Wed Apr 02, 2008 10:36 am
by John Cartwright
Your code does not take into account the connection speed/latency.
heres my take
Code: Select all
<?php
function microtime_float()
{
list($usec, $sec) = explode(" ", microtime());
return ((float)$usec + (float)$sec);
}
session_start();
if (!isset($_SESSION['wasted'])) {
$_SESSION['wasted'] = 0;
$_SESSION['lastrequest'] = microtime_float();
}
$_SESSION['wasted'] += (microtime_float() - $_SESSION['lastrequest']);
header('Refresh: 1; url="'. $_SERVER['PHP_SELF'].'"');
echo 'You have wasted '. number_format($_SESSION['wasted'], 5) .' seconds of your life.';
$_SESSION['lastrequest'] = microtime_float();
exit();
Re: Counting wasted time...
Posted: Wed Apr 02, 2008 1:36 pm
by JAB Creations
I knew the time wouldn't me completely accurate, but security holes? I didn't take too much time making this script but it was sort of interesting even if it doesn't achieve anything. Jcart exploded time!

Re: Counting wasted time...
Posted: Thu Apr 03, 2008 7:15 am
by Mordred
JAB Creations wrote:I knew the time wouldn't me completely accurate, but security holes?
Well, hardly something big, but for 5 lines of code it's enough
1. If the attacker gives you ?number[]=1, he might trigger a warning.
2. For older versions of PHP, there might be a header injection with PHP_SELF, I'm not 100% sure how the new lines would be encoded/handled though.