开发者

Detect the vulnerability in this PHP - file [closed]

问答 作者:
开发者_如何学Go As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance. Closed 11 years ago.

I have this link

http://example.com/example.php?link=<link>&title=<title>&bild=<picturelink>&named=<text>

each term in <> stands for a variable, which could be changed by a mean - spirited attacker.

<named> = domain-name of <link>

This is the handling php file

<?php
if(strpos($_GET[named],"known.com")!==false or 
   strpos($_GET[named],"known2.com")!==false or 
   strpos($_GET[named],"known3.com")!==false)
{
echo '<div align="center"><a href=' . 
     $_GET[link] . 
     ' target="_blank"><img alt="' . 
     htmlentities(utf8_decode($_GET[title])) . 
     '"  title="' . htmlentities(utf8_decode($_GET[title])) . 
     '"  src=' . $_GET[bild] . 
     '  border=0></a></div><br><br><b>' . 
     htmlentities(utf8_decode($_GET[title])) . 
     '</b><br><br><a  href=' . 
     htmlentities($_GET[link]) . 
     ' target="_blank" style="color: grey;">Text <i>' . 
     htmlentities(utf8_decode($_GET[title])) . '</i> text ' . 
     htmlentities($_GET[named]) . '!</a><br>(text)';
}
else
{
echo 'not allowed';
}
?>

How can it be attacked and which changes to the php file do you recommend?

Escape your data!!!

Any user input should not be able to be directly put into the HTML, or they can insert Javascript and steal sessions and what not.

Use something like this this: htmlspecialchars($_GET['link'])

See also: http://en.wikipedia.org/wiki/Cross-site_scripting#Exploit_scenarios

http://example.com/example.php?link=></a><script>alert('Pwned');</script><a&title=blaba&bild=blabla&named=known.com

This url produce following HTML:

<div align="center">
    <a href=></a>
        <script>alert('Pwned');</script>
    <a target="_blank">
        <img alt="blabla"  title="blabla"  src=blabla  border=0>
    </a>
</div>
<br><br>
<b>blabla</b><br><br>
<a  href=blabla target="_blank" style="color: grey;">Text <i>blabla</i> text known.com!</a><br>(text)

You can see a valid <script> tag in it

When printing these variables, you should convert them to entities at all times. So, in this case, you forgot a few variables.

$_CLEAN = array();
foreach($_GET as $key => $value) {
    $_CLEAN[$key] = htmlentities($value);
}

instead of echo'ing $_GET, you should echo $_CLEAN

Edit: Escape your Data from the Get Variables.

继续阅读:phpsecurityxss

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9