security issues in php
- pelegk2
What security things are there in PHP, for example like include/require, that should be used carefully?
- Chris Corbyn
- pelegk2
Can you give an example of one of them?
- Chris Corbyn
Re: can you give an example
pelegk2 wrote: Can you give an example of one of them?
Untested but...
Code:
<?php
// Awfully insecure: whatever arrives in ?command= is handed straight to the shell.
// passthru() writes the command's output to the response by itself.
echo passthru($_GET['command']);
You could get all the source code of files for example with the awfully insecure script....
http://www.yourdomain.com?command=ls (see the filenames)
http://www.yourdomain.com?command=cp%20 ... 0file2.txt (copy the files to text files)
http://www.yourdomain.com/file1.txt (download the source code).
With this you could access mysql databases from passwords in the scripts etc. However a unix-happy kinda person could do far more damage than that....
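The one-liner above has no safe form: if the visitor chooses the command, the visitor owns the server. The realistic version of the same bug is a script that runs a fixed command with a user-supplied argument. The following is an added example, not code from the thread; it assumes a hypothetical "ping this host" page where the hostname comes from the query string, and it only builds the command strings so it can be run from the CLI without touching the network.

```php
<?php
// Added example (not from the original post). Vulnerable command construction
// beside a hardened one. Scenario (assumed): ?host=<name> is passed to ping.

// Vulnerable: the user input is interpolated straight into a shell command line.
// ?host=example.com;cat%20/etc/passwd makes the shell run both commands.
function build_ping_command_vulnerable(string $host): string
{
    return "ping -c 1 " . $host;
}

// Hardened, step 1: allow-list the shape of the input before it goes anywhere
// near a shell. Letters, digits, dots and hyphens only; no leading or trailing
// hyphen in a label; bounded length.
function is_valid_hostname(string $host): bool
{
    $label = '[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?';
    return strlen($host) <= 253
        && preg_match("/^{$label}(?:\\.{$label})*$/", $host) === 1;
}

// Hardened, step 2: even for accepted values, quote the argument so the shell
// can never treat it as more than a single word.
function build_ping_command_safe(string $host): string
{
    if (!is_valid_hostname($host)) {
        throw new InvalidArgumentException("rejected hostname: " . $host);
    }
    return "ping -c 1 " . escapeshellarg($host);
}

// Constructed attacker inputs: a plain hostname, a second command chained with
// ';', and a command substitution.
$inputs = [
    'example.com',
    'example.com;cat /etc/passwd',
    '$(id)',
];

foreach ($inputs as $input) {
    echo "input:      {$input}\n";
    echo "vulnerable: " . build_ping_command_vulnerable($input) . "\n";
    try {
        echo "hardened:   " . build_ping_command_safe($input) . "\n";
    } catch (InvalidArgumentException $e) {
        echo "hardened:   " . $e->getMessage() . "\n";
    }
    echo "\n";
}

// In the real handler only the hardened string would reach the shell:
//   passthru(build_ping_command_safe($_GET['host'] ?? ''));
```

Run it with `php ping_demo.php`. The vulnerable builder prints `ping -c 1 example.com;cat /etc/passwd`, which a shell would execute as two commands; the hardened builder rejects that input outright, and the validation regex means `escapeshellarg()` is a second line of defence rather than the only one. The general rule is the same as for `passthru($_GET['command'])`: never let the request decide what program runs, and validate then quote anything it contributes as an argument.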
- pelegk2
nice to know :)
are there any other dangerous functions like that?
I thought of something, for example:
the use of $$
which for example if you have
$x="function1";
and you do
$$x;
you activate the function!
so if in some way you know that
$_REQUEST['some_var'] is equal to "mysql_query(drop table")
then maybe somehow a
$$_REQUEST['some_var'] can be done too!
I am still rolling the idea of whether this is possible in any way!
what do you think?
- John Cartwright
- Ambush Commander
- John Cartwright
Another common security flaw is the possibility of "SQL injection".
While this is not completely PHP's problem, once again it is an example of how poor coding practices and a lack of sanitization of user input can cause some problems.
But what does this mean? It means that any language has its core vulnerabilities, and it also has its defences; the problem, as mentioned earlier, is the coder himself.
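To make the SQL injection point concrete, here is an added example that is not part of the thread: a login check built by string concatenation (the `mysql_query("... '$user' ...")` style of the time) beside the same check written as a prepared statement. It uses PDO with an in-memory SQLite database (the `pdo_sqlite` extension is assumed) so it runs offline; the table, rows and attacker input are all constructed for the demo.

```php
<?php
// Added example (not from the original post). Vulnerable login lookup beside a
// parameterised one, run against a constructed in-memory SQLite database.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)");
// Constructed sample rows. Plaintext passwords only to keep the demo short;
// a real application stores password_hash() output and checks with password_verify().
$db->exec("INSERT INTO users (username, password) VALUES ('alice', 's3cret'), ('bob', 'hunter2')");

// Vulnerable: user input becomes part of the SQL text, so a quote in the input
// changes the structure of the query instead of being compared as data.
function login_vulnerable(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT id FROM users WHERE username = '$user' AND password = '$pass'";
    echo "  query: $sql\n";
    return $db->query($sql)->fetch() !== false;
}

// Hardened: the SQL text is fixed; the values travel separately as parameters,
// so the database never parses them as SQL.
function login_safe(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare("SELECT id FROM users WHERE username = :u AND password = :p");
    $stmt->execute([':u' => $user, ':p' => $pass]);
    return $stmt->fetch() !== false;
}

// Constructed attempts. The third one closes the string literal, adds a
// tautology and comments out the password check with '--'.
$attempts = [
    ['alice', 's3cret'],                    // legitimate success
    ['alice', 'wrong'],                     // legitimate failure
    ["alice' OR '1'='1' -- ", 'anything'],  // injection
];

foreach ($attempts as [$user, $pass]) {
    echo "user=" . var_export($user, true) . " pass=" . var_export($pass, true) . "\n";
    echo "  vulnerable login: " . (login_vulnerable($db, $user, $pass) ? 'GRANTED' : 'denied') . "\n";
    echo "  prepared login:   " . (login_safe($db, $user, $pass) ? 'GRANTED' : 'denied') . "\n";
}
```

For the injected username the concatenated query becomes `... WHERE username = 'alice' OR '1'='1' -- ' AND password = 'anything'`, which matches every row, so the vulnerable version grants access with no password; the prepared statement looks for a user literally named `alice' OR '1'='1' -- ` and denies it. Escaping functions such as `mysql_real_escape_string()` were the era's mitigation; parameterised queries (PDO or mysqli prepared statements) remove the problem by construction rather than by filtering.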
- pelegk2
Jcart, I agree with every word,
but what do you say about this:
is my idea possible?
$x="function1";
and you do
$$x;
you activate the function
- Chris Corbyn
Re: Jcart i agree with every word
pelegk2 wrote: but what do you say about this: is my idea possible? $x="function1"; and you do $$x; you activate the function
Well all that is doing is using a string to make a variable variable.
If you did have $x as the result of a function then I guess you'd just have to be careful about what the function actually does.
The main security issues... as already mentioned, are anything designed to allow external control.
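The distinction Chris is drawing is worth seeing in running code. The script below is an added example, not code from the thread: it shows what `$$x` actually does, which PHP syntax does call a function named by a string, and why letting request data choose either a variable name or a function name is dangerous. The "request" values are constructed inline so it runs from the CLI.

```php
<?php
// Added example (not from the original post). Variable variables versus
// variable functions, with constructed attacker input.

function function1(): string
{
    return "function1 ran";
}

// 1. $$x is a variable variable: it reads or creates the variable whose name
//    is the value of $x. It never calls anything.
$x = 'function1';
$function1 = 'just a string';
var_dump($$x);            // string(13) "just a string"

// 2. $x() is a variable function: this is what calls function1().
var_dump($x());           // string(13) "function1 ran"

// 3. Why user-chosen names matter, part A: a variable variable named by the
//    request can overwrite state the script trusts (the same failure mode as
//    extract($_REQUEST) or the old register_globals).
$is_admin = false;
$request = ['field' => 'is_admin', 'value' => '1'];   // constructed attacker input
${$request['field']} = $request['value'];             // braces: explicit name expression
var_dump($is_admin);      // string(1) "1", which is truthy: an admin check now passes

// 4. Part B: a variable function named by the request lets the caller run any
//    defined function, system() included. Left commented out on purpose.
$request = ['fn' => 'system', 'arg' => 'id'];
$fn = $request['fn'];
// $fn($request['arg']);  // would run `id` through system()

// Hardened: map request values onto an explicit allow-list of callables
// instead of using them as names.
function dispatch(string $action): string
{
    $allowed = [
        'greet' => 'function1',
    ];
    if (!isset($allowed[$action])) {
        throw new InvalidArgumentException("unknown action: $action");
    }
    $callable = $allowed[$action];
    return $callable();
}

var_dump(dispatch('greet'));   // string(13) "function1 ran"
try {
    dispatch('system');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";  // unknown action: system
}
```

The braces in `${$request['field']}` are deliberate: PHP 7's uniform variable syntax reads `$$request['field']` as `${$request}['field']`, the opposite of what PHP 5 did, so spelling the name expression out avoids the ambiguity. Whether the mechanism is `$$name`, `$name()`, `call_user_func($name)` or `eval()`, the rule is the same one the thread keeps returning to: external input may select from a list you wrote, never supply the identifier itself.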