FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.
Home » Imported messages » comp.lang.php » Help with Security Have I coded this correctly?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Help with Security Have I coded this correctly? [message #182075 is a reply to message #182074] Wed, 03 July 2013 18:35 Go to previous messageGo to previous message
Christoph Michael Bec is currently offline  Christoph Michael Bec
Messages: 207
Registered: June 2013
Karma:
Senior Member
Daniel Pitts wrote:
> On 7/2/13 11:50 PM, chirag sharma wrote:
>> I have created an online PHP code executor at http://web.guru99.com
>>
>> Though I have checked all security aspects … do you experts see any
>> major flaw that I need to care of?
>>
> I get a 403 forbidden on the AJAX request in both Chrome and Firefox.
>
> I don't know what you've done to protect against attack. Are you safe
> against the following type of attack? Are you just scrubbing the input,
> or have you actually locked-down and hardened the PHP itself?
>
> <?php
> $foo = "scan";
> $foo .= "dir";
>
> var_dump($foo('.'));
> ?>

When the AJAX request did work (about an hour ago), I was able to
execute the following successfully:

<?php
print_r(glob("*"));
?>

--
Christoph M. Becker

Report message to a moderator

[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Consumir Web Service usando SoapClient y Certificados jsk
Next Topic: How can i get value of text area?
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Sep 19 21:57:39 GMT 2024

Total time taken to generate the page: 0.03536 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.1.3.
Copyright ©2001-2023 FUDforum Bulletin Board Software