Programs and scripts developed with PHP, one of the most popular languages, are often vulnerable to different attacks. The reason is not that the language is insecure, but that inexperienced programmers frequently commit design errors.
Author: Sacha Fuentes
Source: http://hakin9.org Hakin9 12/2007
What you will learn…
What you should know…
PHP is a server-side scripting language whose syntax is a mix of C, Perl and Java, and which allows for the dynamic generation of web pages. It is used by millions of sites worldwide, and many projects written in PHP can be found in open-source repositories such as SourceForge (http://sourceforge.net). The ease of use and the number of libraries accessible from PHP allow anyone with a minimum of knowledge to write and publish complex applications. Often these applications are not well designed and do not provide the security needed on a publicly accessible site. For this reason, we are going to look at the most common security errors in PHP; we'll see how to find these bugs when we have access to the code, and how to exploit them.

Unchecked user input

The main security problem in PHP is the lack of checks on user input, so we need to know where user input can come from. There are four types of variables that can be sent to the server: GET/POST variables, cookies and files. Let's see an example with GET variables. A request like http://example.com/index.php?var=MYINPUT, with index.php being:

    <?php echo $var; ?>

This is a very convenient way of working, but a very insecure one too. As arbitrary variables can be defined and assigned by the user, the programmer must be very careful to assign default values to variables. Let's take a look at an example taken from the PHP manual (Listing 1).
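The need for default values, shown as an added example that is not the article's Listing 1 and not code from the PHP manual. It assumes the legacy register_globals behaviour (removed in PHP 5.4), simulated here with extract(); the function names and the request data are constructed for illustration.

```php
<?php
// Added example. vulnerable_check() and hardened_check() are hypothetical
// names; $forged is constructed sample input.

// extract(..., EXTR_SKIP) stands in for register_globals: each request
// parameter becomes a local variable unless that name already exists.
function vulnerable_check(array $request, bool $loggedIn): bool
{
    extract($request, EXTR_SKIP);
    if ($loggedIn) {
        $authorized = true;
    }
    // No default was assigned, so when the user is not logged in the
    // value of $authorized is whatever the request supplied.
    return !empty($authorized);
}

function hardened_check(array $request, bool $loggedIn): bool
{
    extract($request, EXTR_SKIP);   // same environment as above
    $authorized = false;            // explicit default overrides request data
    if ($loggedIn) {
        $authorized = true;
    }
    return $authorized;
}

// Constructed request data, equivalent to index.php?authorized=1
$forged = ['authorized' => '1'];

foreach ([false, true] as $loggedIn) {
    printf(
        "loggedIn=%s vulnerable=%s hardened=%s\n",
        var_export($loggedIn, true),
        var_export(vulnerable_check($forged, $loggedIn), true),
        var_export(hardened_check($forged, $loggedIn), true)
    );
}
```

When auditing code, the pattern to look for is a decision variable that is assigned on only one branch and then read unconditionally.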