Help! to fix a security bug!

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

cyberia
Forum Newbie
Posts: 2
Joined: Fri Aug 24, 2007 1:10 am

Help! to fix a security bug!

Post by cyberia »

feyd | Please use code and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.


Hi-
I use this method to redirect my domain to a virtual address (browser address doesn't change):

Code: Select all

<?php
$domain="http://mydomain.com";
$req=$_SERVER[request_url];
$url=$domain.$req;

include($url);
?>
I know this is a security risk. How can a hacker cause a problem?
And how can I fix this security bug?

Another thing: when I use this method, $_SERVER[user_agent] doesn't return any value!

Thank you


Last edited by cyberia on Fri Dec 14, 2007 3:00 am, edited 1 time in total.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

You aren't redirecting. Redirection involves header() or <meta> tags.

I have to assume your code is an example as it certainly won't pass PHP's syntax check.

The security problem you have is that if the remote server is compromised so is the server this code runs on.

$_SERVER['HTTP_USER_AGENT'] is the proper variable for user agent strings.
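
Added example, not part of either post above: one way to serve the backend's pages without include(), so the response is treated as data and never executed as PHP on this server. ORIGIN, safe_path() and fetch_as_data() are illustrative names, and the path whitelist is an assumption about what the site needs.

```php
<?php
// Added example; ORIGIN, safe_path() and fetch_as_data() are illustrative names.
// Keep allow_url_include=Off in php.ini so include() cannot load URLs at all.
const ORIGIN = 'http://mydomain.com'; // the one fixed backend, never user-supplied

// Reduce the request URI to a conservative path, or null to refuse it.
function safe_path(string $requestUri): ?string
{
    $path = parse_url($requestUri, PHP_URL_PATH); // query string is dropped
    if (!is_string($path)
        || !preg_match('#\A/[A-Za-z0-9._/-]*\z#', $path)
        || strpos($path, '..') !== false
        || strpos($path, '//') !== false) {
        return null;
    }
    return $path;
}

// Fetch the backend page as a string. It is data: nothing here evaluates it.
function fetch_as_data(string $path, string $userAgent): ?string
{
    $context = stream_context_create(['http' => [
        'method'          => 'GET',
        'timeout'         => 5,
        'follow_location' => 0, // do not follow redirects to other hosts
        // Forward the visitor's User-Agent with control characters removed.
        'user_agent'      => preg_replace('/[^\x20-\x7E]/', '', $userAgent),
    ]]);
    $body = file_get_contents(ORIGIN . $path, false, $context);
    $status = $http_response_header[0] ?? '';
    if ($body === false || !preg_match('#^HTTP/\S+ 200\b#', $status)) {
        return null;
    }
    return $body;
}

$path = safe_path($_SERVER['REQUEST_URI'] ?? '');
$body = $path === null ? null
    : fetch_as_data($path, $_SERVER['HTTP_USER_AGENT'] ?? '');
if ($body === null) {
    http_response_code(502);
    exit('Upstream page unavailable');
}
echo $body; // echoed as output, not include()d, so PHP in it never runs
```

With this in place a compromised backend can still change the HTML visitors receive, but it no longer gets code execution on the server running this script.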