spoof $session['xyz']
I am evalating a way to secure PHP pages. I wonder if someone can provide me a code to spoof by sending a fake referer to $_session['xyz'] in main.php?
Do I have to know the session variable before I could sent a spoof value?
So far I tried my code below.
<?php
header("Referer: http://domain.com.sg");
$host = "domain.com.sg";
$file = "demo.php";
$hdrs = array( 'http' => array(
'method' => "POST",
'header'=> "accept-language: en\r\n" .
开发者_如何学编程 "Host: $host\r\n" .
"Referer: http://$host\r\n"
)
);
$context = stream_context_create($hdrs);
$fp = fopen("http://domain.com.sg/dem251.php", 'r', false, $context);
fpassthru($fp);
fclose($fp);
?>
Session values are kept server-side. Unless your PHP has register_globals
enabled, the only way a remote user could directly set something in the session is via your code. So if you don't have something like:
$_SESSION['xyz'] = $_GET['xyz'];
anywhere, then it's "safe".
As for the referer itself, that's just an HTTP header, which is COMPLETELY under control of the user. It's best to ignore the referer completely, or at least treat it as you would toxic waste.
精彩评论