Re: something works 1 place but not another
- From: Captain Paralytic <paul_lautman@xxxxxxxxx>
- Date: Thu, 25 Dec 2008 04:48:25 -0800 (PST)
On 24 Dec, 23:48, Dave Kelly <daveekel...@xxxxxxxxxxxxxx> wrote:
On Dec 24, 7:10 am, Jerry Stuckle <jstuck...@xxxxxxxxxxxxx> wrote:
Dave Kelly wrote:
On Dec 23, 3:33 pm, Jerry Stuckle <jstuck...@xxxxxxxxxxxxx> wrote:
Dave Kelly wrote:
Please go here for source code.
http://www.texasflyfishers.org/signup/guestbookwithouting.php?mode=vi...
This line of code works as I want it to in the first instance:
<p><b>Trip</b>: $var1</p>
In the second instance (which I have commented out) the screen goes
blank.
Why? What is the difference?
Yes, I know there is a line of sensitive information visible.
Thanks
Dave
You need a password to access that page.
Sorry guys, I forgot about that. Let me post the whole code here, it's
not that long.
<?php
/********************************************
* Simple PHP Guestbook *
* by Justin *
* Version 1.0 *
* 2003-Feb-01 *
* Works with PHP version 4.1.0 and higher *
********************************************/
/********************************************
* CHANGE THIS to the file you want *
* to store all the info in. *
* Make sure the file exists *
* and is CHMODed to 777 *
********************************************/
foreach ($_POST as $key=>$value) {
$$key=$value;
}
foreach ($_GET as $key=>$value) {
$$key=$value;
}
<snip>
In addition to what the others have said, this is very dangerous code.
It allows the user to define any variable in your code. It's a huge
security risk.
register_globals did basically the same thing, but has been deprecated
due to those same security
I am asking this question because I do not fully understand. I
understand 'dangerous code' and 'security risk' and have a vague
knowledge of what 'register_globals' might be. Though I don't know one
from an earthworm.
This file is called from the HTML pages.
<a href="http://www.texasflyfishers.org/signup/guestbook.php?mode=view&var1=SALTWATER-RedFishRodeo-Oct">sign up here</a>
'signup' is the username/password-protected directory you ran into from
my first post. Does that still leave me as vulnerable?
I guess one of the things I need to ask, is there somewhere I can read
that explains the security of such things as register_globals in
layman's terms.
Despite what I might say, I do appreciate the critique and feedback.
Thanks
Whilst just as dangerous, you can replace:
foreach ($_POST as $key=>$value) {
$$key=$value;
}
with:
extract($_POST);
And to make it slightly safer, you could then do:
extract($_POST,EXTR_PREFIX_ALL,'slightly_safer');
And EXTR_IF_EXISTS also helps improve safety.
You can find explanations of all this at:
http://uk.php.net/manual/en/function.extract.php
Now, as to your request:
I guess one of the things I need to ask, is there somewhere I can read
that explains the security of such things as register_globals in
layman's terms.
The answer I'm afraid is that there is no substitute for experience,
research and study. Just google for things like "php security" and
"php injection" and read read read...
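An added example (not code from the thread or from the "Simple PHP Guestbook" script quoted above) showing what the `$$key = $value` loop lets a request do, what the `extract()` flags mentioned above change, and the explicit alternative. `$datafile` and `$is_admin` are hypothetical stand-ins for a script's own trusted variables (the guestbook's "CHANGE THIS" data file, for instance); the request array is constructed to stand in for `$_GET`/`$_POST`.

```php
<?php
// Added example, not from the thread or the guestbook script.
// $datafile and $is_admin are hypothetical stand-ins for a script's own
// trusted variables; $attack is a constructed request.
// Run with: php variable_injection_demo.php

function vulnerable(array $request): array
{
    $datafile = '/var/www/guestbook/entries.txt'; // trusted default
    $is_admin = false;                            // trusted default
    $var1     = '';

    // The loop from the posted script: every request key becomes a variable,
    // so a request overwrites $datafile and $is_admin as easily as $var1.
    foreach ($request as $key => $value) {
        $$key = $value;
    }
    return ['datafile' => $datafile, 'is_admin' => $is_admin, 'var1' => $var1];
}

function ifExists(array $request): array
{
    $datafile = '/var/www/guestbook/entries.txt';
    $is_admin = false;
    $var1     = '';

    // EXTR_IF_EXISTS: no new variables are created, but variables that
    // already exist are still overwritten, so a request that knows the
    // name of a trusted variable still wins.
    extract($request, EXTR_IF_EXISTS);
    return ['datafile' => $datafile, 'is_admin' => $is_admin, 'var1' => $var1];
}

function prefixed(array $request): array
{
    $datafile = '/var/www/guestbook/entries.txt';
    $is_admin = false;

    // EXTR_PREFIX_ALL: request keys land in $safe_datafile, $safe_var1, ...
    // so they cannot collide with the script's own variables.
    extract($request, EXTR_PREFIX_ALL, 'safe');
    return ['datafile' => $datafile, 'is_admin' => $is_admin,
            'var1' => $safe_var1 ?? ''];
}

function explicitParams(array $request): array
{
    $datafile = '/var/www/guestbook/entries.txt';
    $is_admin = false;

    // Read only the parameters the page actually uses, by name, and
    // constrain them. Nothing in the request can reach any other variable.
    $mode = $request['mode'] ?? 'view';
    if (!in_array($mode, ['view', 'add'], true)) {
        $mode = 'view';
    }
    // var1[]=x would arrive as an array; only accept a string.
    $var1 = is_string($request['var1'] ?? null) ? $request['var1'] : '';
    // The guestbook echoes $var1 into HTML, so escape it for that context.
    $var1 = htmlspecialchars($var1, ENT_QUOTES, 'UTF-8');
    return ['datafile' => $datafile, 'is_admin' => $is_admin,
            'mode' => $mode, 'var1' => $var1];
}

// Constructed request: the legitimate var1 from the sign-up link plus two
// extra keys anyone can append to the query string or add to a form post.
$attack = [
    'mode'     => 'view',
    'var1'     => 'SALTWATER-RedFishRodeo-Oct',
    'datafile' => '/tmp/attacker-controlled.txt',
    'is_admin' => '1',
];

foreach (['vulnerable', 'ifExists', 'prefixed', 'explicitParams'] as $fn) {
    $out = $fn($attack);
    printf("%-15s datafile=%s is_admin=%s var1=%s\n",
        $fn, $out['datafile'], var_export($out['is_admin'], true), $out['var1']);
}
```

Running it shows `vulnerable` and `ifExists` both ending up with the attacker's `datafile` and `is_admin`, while `prefixed` and `explicitParams` keep the defaults. `EXTR_PREFIX_ALL` only works if the code is then changed to read the prefixed names; reading the parameters explicitly removes the need for `extract()` at all. A password on the directory limits who can send the request; it does not change what a request can do once it arrives.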