
php attacks


    #11
    Originally posted by Sockpuppet
    I was thinking more along the lines of people I have seen doing.

    ?page=../templates/index2.php

    then it just does an include($_GET['page'])

    To display a new page from one document. Easily abusable. That's what I thought was happening in this case.
    My point was that even if you make a drop down list to select pages and then use POST you can still abuse the process by tinkering with the page HTML. Add a new option to the dropdown that links to a remote site and then submit the form via POST. As easy to abuse as your suggestion, and doesn't take much longer to do.

    The only way to get round the abuse is to verify what is in $_GET['page'] / $_POST['page'] / $_REQUEST['page'] before you use it in the rest of your code.

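The check described in post #11, sketched as an added example that is not part of the original thread: the request value is only ever used as a lookup key into a fixed list, so it does not matter whether it arrived via GET or POST or what the dropdown HTML was edited to contain. The page names, template file names and the `resolve_page` helper are hypothetical.

```php
<?php
// Added example: allowlist check for a page parameter before include().
// Page names and template file names below are hypothetical.

const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Map a request-supplied page name to a template path, or return null.
 * The request value is used only as an array key, never as part of a path.
 */
function resolve_page($requested, string $templateDir): ?string
{
    // Arrays (?page[]=x) and other non-strings are rejected outright.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    return $templateDir . DIRECTORY_SEPARATOR . PAGES[$requested];
}

// Constructed sample inputs, including the two cases raised in the thread.
$samples = [
    'about',                          // known page name
    '../templates/index2.php',        // relative path from the quoted post
    'http://remote.example/page.txt', // remote location added to the form
    ['about'],                        // array instead of a string
    'about.php',                      // file name rather than a page name
];

foreach ($samples as $input) {
    $path = resolve_page($input, __DIR__ . '/templates');
    printf("%-36s => %s\n",
        json_encode($input, JSON_UNESCAPED_SLASHES),
        $path ?? 'rejected');
}

// In a request handler the same function guards the include:
// $path = resolve_page($_REQUEST['page'] ?? 'home', __DIR__ . '/templates');
// if ($path === null) { http_response_code(404); exit; }
// include $path;
```

Only the first sample resolves to a path; everything else is rejected before `include` is reached.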


      #12
      I have no idea what any of the above means, but I'm guessing in this case ignorance is bliss.
      ǝןqqıʍ



        #13
        Originally posted by Ardesco
        Probably a bit of both. I'm sure you have people rummaging through sites trying to get this working and I'm sure enterprising individuals will have created bots that rummage through sites trying exploits out and reporting back any open sites they find to their creators.
        Indeed. I recently saw Rasmus Lerdorf, the creator of PHP, give a demo of his tool "Scanmus" which can, in a couple of seconds, identify many such possible exploits on a site simply by trying a variety of different techniques known to allow this kind of thing.

        He doesn't make this tool freely available - it's used internally at Yahoo, where he now works, but given that it knows some tricks even the bad guys haven't worked out yet, they feel it's best to keep it in-house.

        (For some reason he rejected my suggestion to run it against www.mi5.gov.uk - something about wanting to be able to fly home the next day)



          #14
          Thanks for your comments gentlemen.

          I bit the bullet and downloaded, built and installed mod_security2 for Apache. This should give me the flexibility I feel I need.
