FUDforum: comp.lang.php » Help with Security Have I coded this correctly?

Home » Imported messages » comp.lang.php » Help with Security Have I coded this correctly?

Show: Today's Messages :: Polls :: Message Navigator

Re: Help with Security Have I coded this correctly? [message #182088 is a reply to message #182087]

Mon, 08 July 2013 12:48

Jerry Stuckle
Messages: 2598
Registered: September 2010

Karma:

Senior Member

On 7/8/2013 4:49 AM, kishorguru99pvtltd(at)gmail(dot)com wrote:
> On Thursday, July 4, 2013 12:05:09 AM UTC+5:30, Christoph Michael Becker wrote:
>> Daniel Pitts wrote:
>>
>>> On 7/2/13 11:50 PM, chirag sharma wrote:
>>
>>>> I have created an online PHP code executor at http://web.guru99.com
>>
>>>>
>>
>>>> Though I have checked all security aspects ï¿½ do you experts see any
>>
>>>> major flaw that I need to care of?
>>
>>>>
>>
>>> I get a 403 forbidden on the AJAX request in both Chrome and Firefox.
>>
>>>
>>
>>> I don't know what you've done to protect against attack. Are you safe
>>
>>> against the following type of attack? Are you just scrubbing the input,
>>
>>> or have you actually locked-down and hardened the PHP itself?
>>
>>>
>>
>>> <?php
>>
>>> $foo = "scan";
>>
>>> $foo .= "dir";
>>
>>>
>>
>>> var_dump($foo('.'));
>>
>>> ?>
>>
>>
>>
>> When the AJAX request did work (about an hour ago), I was able to
>>
>> execute the following successfully:
>>
>>
>>
>> <?php
>>
>> print_r(glob("*"));
>>
>> ?>
>>
>>
>>
>> --
>>
>> Christoph M. Becker
>> Thanks for reply
> if disable "glob()" function it can be solve.
>

What you don't understand is - that will solve THIS problem. But how
many other potential security risks do you have?

There are huge risks when allowing people to place code on your system.
Securing your system is much more than just disabling a few functions.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================

Report message to a moderator

[Message index]

		Help with Security Have I coded this correctly? By: chirag sharma on Wed, 03 July 2013 06:50
		Re: Help with Security Have I coded this correctly? By: Arno Welzel on Wed, 03 July 2013 15:05
		Re: Help with Security Have I coded this correctly? By: bill on Wed, 03 July 2013 16:31
		Re: Help with Security Have I coded this correctly? By: Arno Welzel on Tue, 09 July 2013 14:20
		Re: Help with Security Have I coded this correctly? By: Timothy on Wed, 03 July 2013 17:42
		Re: Help with Security Have I coded this correctly? By: Christoph Michael Bec on Wed, 03 July 2013 17:52
		Re: Help with Security Have I coded this correctly? By: Daniel Pitts on Wed, 03 July 2013 18:12
		Re: Help with Security Have I coded this correctly? By: Christoph Michael Bec on Wed, 03 July 2013 18:35
		Re: Help with Security Have I coded this correctly? By: kishorguru99pvtltd on Mon, 08 July 2013 08:49
		Re: Help with Security Have I coded this correctly? By: Jerry Stuckle on Mon, 08 July 2013 12:48

Previous Topic:	Consumir Web Service usando SoapClient y Certificados jsk
Next Topic:	How can i get value of text area?

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Thu Sep 19 21:30:37 GMT 2024

Total time taken to generate the page: 0.05298 seconds