
security issues in php

Posted: Wed Apr 13, 2005 2:58 am
by pelegk2
what security things are there in php, for example like the include/require that should be used carefully?

Posted: Wed Apr 13, 2005 4:31 am
by Chris Corbyn
Any of the shell commands.... Anyone wanting to make a mess of things could do a pretty good job if these are poorly implemented....

They always seem obvious ones to me :D

exec(), system(), passthru()....

can you give an example

Posted: Wed Apr 13, 2005 5:04 am
by pelegk2
to one of them?

Re: can you give an example

Posted: Wed Apr 13, 2005 5:26 am
by Chris Corbyn
pelegk2 wrote: to one of them?
:? You want an example?

Untested but...

Code:

echo passthru($_GET['command']);
Which basically allows complete control of the server if PHP has good enough permissions....

You could get all the source code of files for example with the awfully insecure script....

http://www.yourdomain.com?command=ls (see the filenames)
http://www.yourdomain.com?command=cp%20 ... 0file2.txt (copy the files to text files)
http://www.yourdomain.com/file1.txt (download the source code).

With this you could access mysql databases from passwords in the scripts etc. However a unix-happy kinda person could do far more damage than that....

nice to know:)

Posted: Wed Apr 13, 2005 6:31 am
by pelegk2
are there any other dangerous functions like that?
i thought of something for example like :
the use of $$
which for example if you have
$x="function1";
and u do
$$x;
u activate the function!
so if in some way u know that
$_REQUEST['some_var'] is equal to "mysql_query(drop table")
then maybe some how a
$$_REQUEST['some_var'] can be done too!
i am still rolling the idea if this is possible in any way!
what do u think?

Posted: Wed Apr 13, 2005 6:46 am
by John Cartwright
You know better than to post in the wrong forum.. :roll:

Moved to PHP-Security

Posted: Wed Apr 13, 2005 3:53 pm
by Ambush Commander
are there any other dangerous functions like that?
Any function is dangerous in the hands of an expert with unfiltered data. 8)

Actually, that's not necessarily true, but always don't trust external data.

Posted: Wed Apr 13, 2005 4:10 pm
by John Cartwright
Another common security flaw is the possibility of "sql injection"..

While this is not completely PHP's problem, once again it is an example of how poor coding practices and lack of sanitation from user input can cause some problems.

But what does this mean? It means that any language has its core vulnerabilities, and it also has its defences -- where the problem is, as mentioned earlier, is the coder himself.

Jcart i agree with every word

Posted: Wed Apr 13, 2005 5:56 pm
by pelegk2
but what do u say about :
$x="function1";
and you do
$$x;
you activate the function
is it possible my idea?

Re: Jcart i agree with every word

Posted: Thu Apr 14, 2005 5:46 am
by Chris Corbyn
pelegk2 wrote: but what do you say about :
$x="function1";
and you do
$$x;
you activate the function
is it possible my idea?
Well all that is doing is using a string to make a variable variable.

If you did have $x as the result of a function then I guess you'd just have to be careful about what the function actually does.

The main security issues... as already mentioned is anything designed to allow external control.
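
To make the distinction discussed in this thread concrete, here is an added example (not code from any poster): `$$x` is only a variable lookup, while `$x()` is the form that calls a function, and it is that form which needs an allow-list when the name comes from a request. `function1` is reused from the thread; `dispatch`, `$actions` and the sample input are illustrative assumptions.

```php
<?php
// Added illustration; dispatch() and $actions are hypothetical names.

function function1(): string
{
    return "function1 was called";
}

$x = "function1";

// Variable variable: $$x means "the variable whose name is stored in $x",
// i.e. $function1. Nothing is executed; a value is only read.
$function1 = "plain string stored in \$function1";
echo $$x, PHP_EOL;

// Variable function: the parentheses are what turn the string into a call.
echo $x(), PHP_EOL;

// A request value like the one in the thread is not a function name at all,
// so PHP has nothing to call; $$ would merely look for an oddly named variable.
$requested = "mysql_query(drop table";   // constructed sample input
var_dump(function_exists($requested));

// The risky pattern is $name() where $name is unfiltered external data:
// the client then chooses which function runs. Map the input onto a fixed
// allow-list of callables and reject everything else.
function dispatch(string $action, array $actions): string
{
    if (!array_key_exists($action, $actions)) {
        return "rejected";
    }
    return $actions[$action]();
}

$actions = [
    "hello" => fn(): string => function1(),
];

echo dispatch("hello", $actions), PHP_EOL;     // known action, runs function1()
echo dispatch("passthru", $actions), PHP_EOL;  // not on the list, never called
```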