I'm not able to replicate this. I think vB now uses a "posthash" that's generated when you request to create a new thread. That hash has to match when you submit the data. So using a URL passing GET parameters isn't going to work unless you can match that "posthash".
Originally Posted by MaierMan
-- Cigars, whiskey and wild, wild women. --
I wrote a chatroom security script, and I was going to use something similar, but never did. I'm sure it would be very effective.
Originally Posted by Sepodati
"I haven't failed, I've found 10,000 ways that won't work."
- Thomas Edison
Chat Refinance Loans
June 28th, 2004, 08:05 AM
A way to get round people using remote scripts in your pages: an alternative version of the $page include system that is on the first page.
First you need to do this. It checks to see if a page is already set so it can load it; if not, it loads a default one (home):
// Starting up page system
// Use ?page=... when it is present and non-empty, otherwise fall back to 'home'
if (!isset($_GET['page']) || empty($_GET['page'])) {
    $page = 'home';
} else {
    $page = $_GET['page'];
}
Then wherever you want the page to be included, do this:
Therefore the file has to be on your server, and it saves you adding .php all the time in links.
June 29th, 2004, 01:07 PM
Just curious about linuxaator's use of $id=(int)$id; to prevent hacking.
I have not used this in PHP thus far. What does "(int)" before a variable do? And would this really help with security?
June 29th, 2004, 01:31 PM
It doesn't prevent hacking, it only ensures that $id is now an integer and nothing else.
Originally Posted by nuLime
(int)5 => 5
(int)5.5 => 5
(int)"5abc" => 5
(int)"abc" => 0
So, if you're expecting an integer value from a form input, then casting it to an integer using (int) will ensure that's what you have. You still need to validate its range, though, depending upon your application.
I am nothing now
and I'll be nothing when
this nothing world
has it's nothing end.
-- Violent Femmes
July 13th, 2004, 06:36 AM
July 30th, 2004, 10:40 AM
A Hacker is a Hacker is a Hacker
I just wanted to make a statement on this that I read (page 2). I have read lots of information in this site that would give me enough knowledge to hack an insecure site fairly easily. So could anyone else. The point is if someone is attempting to break in to my site using any technique, they're a hacker. Period. If they're first time newbies or they're ten year veterans, if they're five years old or fifty, they're a hacker. It doesn't matter if they have a vendetta or they're just killing time. I'm not flaming, as I think everyone that has contributed to this string has given (and is giving, and will give, most likely) valuable information. I'm just making the point that if they make the attempt and it works, then someone will say, "I don't see how you can discredit them. After all, they hacked me..."
Originally Posted by pezzer
Cheers to all making a contribution to this string for giving me security knowledge. I'm compelled to compile it and write articles, do research, maybe even ask for your contributions. Thanks again.
July 30th, 2004, 12:43 PM
No, they're crackers. I want to hack and think it's a great hobby, if not occupation.
July 30th, 2004, 01:17 PM
I had a cracker once... I had soup, too, though...
August 1st, 2004, 09:20 PM
Yes, I agree with wannabe. "Hacker" is a term that all good computer programmers like to be associated with. I mean, there is nothing like coming across a quite complex problem with one of your applications/scripts and finding a nice "Jim'll fix it" hack to save the day, then revelling in your greatness as a hacker. Malicious hacking, I feel, should be referred to as cracking. Maybe this is one for the DS lounge.
Linux Apache Mysql PHP -
August 1st, 2004, 09:45 PM
This is a topic that has been discussed since the term was created. You can check the links in my signature for more information but I agree, this does not belong here. This is for security concerns when it comes to PHP.
Please, if you don't have anything relevant to this thread, DON'T POST IT HERE!
September 7th, 2004, 07:40 AM
Why not set a cookie containing something unique for this session? (I use an md5 hash of username, IP address, timestamp, and a random...)
Enter that hash into a login table that also contains a user id.
Now this table can be used to easily look up who that user is, and thus what rights he should have.
December 29th, 2004, 05:36 AM
Using "include()" based on user input
This advice has been given: append a string to a user-given string to restrict access to certain file types via
Never do this. There is no security at all!
You can circumvent this measure by adding a NULL byte in your query string:
Tested today and works in FreeBSD 5.3 and Debian Sarge, both fully patched.
Do not, I repeat: do not include() anything with a variable name in it.
The right "quick" way is the key->filename array that a.koepke mentioned above or JeffCT's solution in the very first post.
PS: Moderators please add a security warning to the posts: #522011, #76731, #76238, #76956
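The following is an added example, not code posted by anyone in this thread. It puts the "$page" include system from the June 28th, 2004 post next to the key->filename array that the post above recommends. The pages/ directory, the file names in the map, and the function names are assumptions made up for illustration; it is written for current PHP (7+). One caveat on the NUL-byte trick described above: PHP 5.3.4 and later refuse file paths containing a NUL byte, so that particular bypass no longer works, but an appended ".php" still does nothing about "../" traversal, which is why the allowlist approach is the right fix rather than more string filtering.

```php
<?php
// Added example (not from any post in this thread): the include() pattern
// discussed above in its unsafe form and in the key->filename allowlist form.
// Directory, file and function names below are assumptions for illustration.

declare(strict_types=1);

// UNSAFE: the "append .php" idea. The request decides the path. Shown for
// contrast only; it is never called.
//   ?page=../../../../etc/passwd%00  -> before PHP 5.3.4 the NUL byte ended the
//                                       C string, so ".php" was never appended
//   ?page=../../uploads/avatar       -> ".php" limits the extension, not the
//                                       directory, on every PHP version
function unsafePagePath(string $page): string
{
    return __DIR__ . '/pages/' . $page . '.php';
}

// SAFE: user input is only ever a key into a server-side map. The map value,
// not the request, decides which file is opened. (Assumed page list.)
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

function safePagePath(?string $page): string
{
    // Missing or empty ?page= falls back to the default, as in the original post.
    if ($page === null || $page === '') {
        $page = 'home';
    }
    // Unknown keys are rejected outright; no attempt is made to "clean" the value.
    if (!array_key_exists($page, PAGES)) {
        http_response_code(404);
        exit('Unknown page');
    }
    return __DIR__ . '/pages/' . PAGES[$page];
}

// Belt-and-braces: even a mistaken map entry cannot escape pages/, because
// realpath() resolves ".." and symlinks before the prefix is compared.
function insidePagesDir(string $path): bool
{
    $base = realpath(__DIR__ . '/pages');
    $real = realpath($path);
    return $base !== false && $real !== false
        && strpos($real, $base . DIRECTORY_SEPARATOR) === 0;
}

// ?page[]=x arrives as an array, not a string; treat anything non-string as absent.
$requested = $_GET['page'] ?? null;
$path = safePagePath(is_string($requested) ? $requested : null);

if (!insidePagesDir($path)) {
    http_response_code(404);
    exit('Unknown page');
}
include $path;
```

The important property is that no string from the request ever reaches include(): the request can only select among values the script already holds, and a value that is not in the map is refused rather than sanitized.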
February 1st, 2005, 04:23 PM
At the moment I use includes on two sites that are stored in .inc.php files, and all of these start with lines similar to these:
die("Direct access to this page is not allowed.");
In this special case the filename of the included file would be "admin_functions.inc.php". So calling this file directly with whatever variables are attached to the URL will result in the script dying.
Any thoughts on this?
February 4th, 2005, 02:47 PM
One thing: many coders will assume POST to be pretty secure... in fact, they'll use dropdown boxes and not validate the info afterwards. BIG MISTAKE.
I know a guy who wanted to register for a class and could not because it wouldn't show up, because it was full. It would never show in the dropdown box... so it would be easy for someone to save the form as HTML on his computer, change the dropdown to text (or could have just added my class to the list as another option) and then click submit. VOILA!
The class was now registered for this guy even though it was full already, all because the coder thought dropdowns were already validated.
Now replace the university class here with something like an item number, and someone has now just ordered an item that you are out of stock of / no longer carry / that doesn't exist etc., and has paid for it, and now it is in your system as garbage data.
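As an added example (not code from the post above), here is the class-registration case with the forged request played back against a handler that trusts the dropdown and one that re-checks the value against the same server-side data the form was built from. The class roster, the class codes and the function names are made up for illustration.

```php
<?php
// Added example, not code from the post above: why a <select> value must be
// re-validated on the server. Roster, class codes and requests are constructed.

declare(strict_types=1);

// Authoritative data lives on the server. The dropdown is rendered FROM this,
// but nothing stops a client from posting a value that was never rendered.
const CLASSES = [
    'CS101' => ['seats' => 30, 'enrolled' => 12],
    'CS201' => ['seats' => 25, 'enrolled' => 25],   // full: omitted from the form
];

// What the form shows: only classes with a free seat become <option>s.
function renderOptions(): string
{
    $html = '';
    foreach (CLASSES as $code => $c) {
        if ($c['enrolled'] < $c['seats']) {
            $safe  = htmlspecialchars($code, ENT_QUOTES, 'UTF-8');
            $html .= '<option value="' . $safe . '">' . $safe . '</option>';
        }
    }
    return $html;
}

// UNSAFE: assumes the posted value came from the rendered dropdown, so a full
// class, or a code that does not exist at all, is accepted just the same.
function registerUnsafe(array $post): string
{
    $code = $post['class'] ?? '';
    return 'Registered for ' . (is_string($code) ? $code : 'Array');
}

// SAFE: the decision is made from CLASSES, never from the request. Anything
// the server would not have offered is rejected, whichever way it got here
// (edited HTML, a saved copy of the form, a hand-built POST).
function registerSafe(array $post): string
{
    $code = $post['class'] ?? '';
    if (!is_string($code) || !array_key_exists($code, CLASSES)) {
        return 'Rejected: unknown class';        // option invented by editing the form
    }
    $c = CLASSES[$code];
    if ($c['enrolled'] >= $c['seats']) {
        return 'Rejected: class is full';        // option re-added after the server dropped it
    }
    return 'Registered for ' . $code;
}

// Constructed requests: a genuine one and the forged one described in the post.
$genuine = ['class' => 'CS101'];
$forged  = ['class' => 'CS201'];   // the browser never offered this option

echo renderOptions(), "\n";          // only CS101 is rendered
echo registerUnsafe($forged), "\n";  // accepts the full class
echo registerSafe($forged), "\n";    // refuses it
echo registerSafe($genuine), "\n";   // still works for a real choice
```

The same shape applies to the item-number case at the end of the post: whatever list the form was generated from (open classes, in-stock items) is the list the handler checks against, and the check happens on every request because the form the client returns is not the form the server sent.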