Re: [PHP] Remote File Variable Injection Safety?
- From: stuttle@xxxxxxxxx (Stuart)
- Date: Wed, 7 Jan 2009 11:05:42 +0000
2009/1/7 Daniel Kolbo <kolb0057@xxxxxxx>:
> Suppose there is a file at http://otherhost.com/remote.php that looks like
> this:
>
> <?php
> if (!isset($safe_flag))
> {
>     die("hacking attempt");
> }
> echo "You are in";
> ?>
>
> Suppose I executed the following PHP file at http://myhost.com/local.php
>
> <?php
> require_once("http://otherhost.com/remote.php");
> ?>
>
> Is there any way to get local.php to display "You are in", by only modifying
> local.php? That is, is there a way to set $safe_flag on the remote host as
> one requests a file from the remote host from within local.php?
>
> I have genuine, academic, non-belligerent intentions when asking this
> question.
Doing this is evil and should be avoided if at all possible. However,
assuming you really need to do it this way...
The best way to validate inclusion is to check the value of
$_SERVER['REMOTE_ADDR'] in the remote script and only allow known IPs.
This is not foolproof but will kill off casual attempts to get the
code.
Alternatively if you change the test for $safe_flag to
$_GET['safe_flag'] and add ?safe_flag=1 to the end of the URL in the
require call that should also work, but is easily copied. You could
randomise "safe_flag" and the value to make it more difficult, but
checking the IP is far better IMHO.
-Stuart
--
http://stut.net/
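The reason local.php cannot set $safe_flag is that a remote require does not fetch remote.php's source: otherhost.com executes the script itself and only its output is included, so the variable must be carried in the request. Below is an added example (not code from either poster) of remote.php implementing both of the checks Stuart describes, the REMOTE_ADDR allowlist and a randomised shared secret passed as a GET parameter. The hostnames come from the thread; the allowed IP 203.0.113.10, the secret value and the function name caller_allowed() are assumptions chosen for illustration.

```php
<?php
// remote.php, served from http://otherhost.com/remote.php (added example).

// Check 1: only known callers. 203.0.113.10 is a documentation address
// standing in for the real address of myhost.com (assumption).
const ALLOWED_CALLERS = ['203.0.113.10'];

// Check 2: randomised flag name and value instead of the guessable
// "safe_flag=1". Assumed to be generated once and copied to both hosts.
const FLAG_NAME  = 'x9q_safe';
const FLAG_VALUE = 'c2b7e9f4a1d83650e7b2c4f9a0d1e6b3';

/**
 * Decide whether this request comes from an allowed caller.
 * Takes the arrays as parameters so the logic can be unit-tested
 * without a web server.
 */
function caller_allowed(array $server, array $get): bool
{
    // Strict comparison; REMOTE_ADDR is set by the web server, not the client,
    // but a caller behind a proxy or NAT will present the proxy's address.
    $ip = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($ip, ALLOWED_CALLERS, true)) {
        return false;
    }

    // The flag must be a string (arrays can be sent as ?x9q_safe[]=...)
    // and is compared in constant time so its value cannot be probed.
    $flag = $get[FLAG_NAME] ?? null;
    if (!is_string($flag) || !hash_equals(FLAG_VALUE, $flag)) {
        return false;
    }

    return true;
}

if (!caller_allowed($_SERVER, $_GET)) {
    http_response_code(403);
    die("hacking attempt");
}
echo "You are in";
```

On myhost.com the matching local.php would then call `require_once('http://otherhost.com/remote.php?x9q_safe=' . urlencode('c2b7e9f4a1d83650e7b2c4f9a0d1e6b3'));`, and PHP must have `allow_url_include=On` for any remote require to work. Note that over plain http:// the flag travels in cleartext, which is why Stuart rates the IP check as the stronger of the two.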