Page 1 of 1

Help! to fix a security bug!

Posted: Thu Dec 13, 2007 1:33 pm
by cyberia
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hi-
I use this mehod to redirect my domain to a virtual address(browser address doesn't change):

Code: Select all

<?php
$domain="http://mydomain.com";
$req=$_SERVER[request_url];
$url=$domain.$req;

include($url);
?>
I know this is a security risk. How a hacker can make problem?
and how can I fix this security bug?

Another thing:when I use this method $_SERVER[user_agent] doesn't return any value!

Thank you


feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Thu Dec 13, 2007 3:26 pm
by feyd
You aren't redirecting. Redirection involves header() or <meta> tags.

I have to assume your code is an example as it certainly won't pass PHP's syntax check.

The security problem you have is that if the remote server is compromised so is the server this code runs on.

$_SERVER['HTTP_USER_AGENT'] is the proper variable for user agent strings.