Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
If you go and actually test your code, you'll see it doesn't actually work. Not only will broken links increase the counter, but you don't distinguish between the different id-s.
Also, in the location header you should put a slash after the domain, or ensure that 'file' starts with one. Otherwise, an attacker will register http://www.example.com.au and pass the victim url like this:
Mordred wrote:dayyanb already noted the XSS issues.
If you go and actually test your code, you'll see it doesn't actually work. Not only will broken links increase the counter, but you don't distinguish between the different id-s.
Also, in the location header you should put a slash after the domain, or ensure that 'file' starts with one. Otherwise, an attacker will register http://www.example.com.au and pass the victim url like this:
so
$data1 = file_get_contents("data.txt") + "1";
$fp = fopen("data.txt", "w") moust change to
$data1 = file_get_contents("/data.txt") + "1";
$fp = fopen("/data.txt", "w")
so the attacker can download files to my server?
dayyanb wrote:If the download is a broken link you will still increase the number of downloads.
You are vulnerable to a xss exploit because you don't check your input. Check both variables for newline or return characters, and url encode them.
Use css instead of <center>.
Mordred wrote:dayyanb already noted the XSS issues.
If you go and actually test your code, you'll see it doesn't actually work. Not only will broken links increase the counter, but you don't distinguish between the different id-s.
Also, in the location header you should put a slash after the domain, or ensure that 'file' starts with one. Otherwise, an attacker will register http://www.example.com.au and pass the victim url like this:
so
$data1 = file_get_contents("data.txt") + "1";
$fp = fopen("data.txt", "w") moust change to
$data1 = file_get_contents("/data.txt") + "1";
$fp = fopen("/data.txt", "w")
so the attacker can download files to my server?
dayyanb wrote:If the download is a broken link you will still increase the number of downloads.
You are vulnerable to a xss exploit because you don't check your input. Check both variables for newline or return characters, and url encode them.
Use css instead of <center>.
Mordred wrote:dayyanb already noted the XSS issues.
If you go and actually test your code, you'll see it doesn't actually work. Not only will broken links increase the counter, but you don't distinguish between the different id-s.
Also, in the location header you should put a slash after the domain, or ensure that 'file' starts with one. Otherwise, an attacker will register http://www.example.com.au and pass the victim url like this:
so
$data1 = file_get_contents("data.txt") + "1";
$fp = fopen("data.txt", "w") moust change to
$data1 = file_get_contents("/data.txt") + "1";
$fp = fopen("/data.txt", "w")
so the attacker can download files to my server?
dayyanb wrote:If the download is a broken link you will still increase the number of downloads.
You are vulnerable to a xss exploit because you don't check your input. Check both variables for newline or return characters, and url encode them.
Use css instead of <center>.