PHP - Hacking With Url Rewriting
Hi all,
I have a security problem with my website, which is a social network (like Facebook). Let me explain: you can execute this page on my website:

www.SocialNetWork.com/ChangeStatus.php?param=Hello

So your status becomes "Hello". On your profile, you can create a link to a picture on the web, for example:

<img src='http://www.hacking.com/pic.jpg'>

The problem is that a "hacker" created several Russian girl profiles and made links to pic.jpg on his server, and this .jpg file rewrites the URL to:

www.SocialNetWork.com/ChangeStatus.php?param=Suck

So when you visit his profile, the PHP code is launched, and the status OF THE VISITOR is changed! I have no idea how to stop this. If I check the variable $_SERVER['HTTP_REFERER'], the value is empty or www.SocialNetWork.com, but never www.hacking.com... How can I stop a foreign picture from launching a PHP page on my website? Thanks for the help!

PS: sorry for my English

Similar Tutorials

I would like to better understand relative and absolute paths when rewriting URLs. My virtual host configuration is shown below. I wish the server to see something like:

https://example.com?page=page1&controller=controller1&data1=123&data2=321

Given the rewrites as shown in my virtual host, what would be the proper URL in the browser? One of these (note the ? and &), or something different?

https://example.com/page1/controller1?data1=123&data2=321
https://example.com/page1/controller1&data1=123&data2=321

Next, if I enter one of the URLs, how do relative paths to images, etc. work? Would the browser think it is in the root directory, or in /page1/controller1? I had problems with relative paths, and changed to absolute paths, and it fixed the problem, but I wish to better understand what is happening. On a side note, I would appreciate any critique of my virtual host configuration. My goal is for all requests to example.com to redirect to https://example.com, for only https://example.com (no subdomain) to redirect to https://www.example.com, and to do the rewriting of page and controller. Thank you

```apache
# Note that if a virtual ServerName is not found (i.e. IP 192.168.1.200), Apache defaults to the first virtual host.
# Note that if ServerName is set to one of the virtual host ServerNames in the second section, it doesn't work (why?)

# Handle just example.com on http
<VirtualHost *:80>
    ServerName example.com
    ServerAlias *.example.com
    Redirect / https://www.example.com/
</VirtualHost>

# Handle just example.com without subdomains
<VirtualHost *:443>
    ServerName example.com
    # ServerAlias example.com
    SSLEngine on
    # SSLv3/TLSv1 here are OpenSSL cipher-list keywords; protocol versions are controlled by SSLProtocol, not by this line
    SSLCipherSuite SSLv3:TLSv1:+HIGH:!SSLv2:!MD5:!MEDIUM:!LOW:!EXP:!ADH:!eNULL:!aNULL
    SSLCertificateKeyFile /etc/pki/tls/private/example_key.pem
    SSLCertificateFile /etc/pki/tls/certs/example_startssl.crt
    SSLCertificateChainFile /etc/pki/tls/certs/sub.class1.server.ca.pem
    Redirect / https://www.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName example.com
    ServerAlias *.example.com
    DocumentRoot /var/www/example/html
    SSLEngine on
    SSLCipherSuite SSLv3:TLSv1:+HIGH:!SSLv2:!MD5:!MEDIUM:!LOW:!EXP:!ADH:!eNULL:!aNULL
    SSLCertificateKeyFile /etc/pki/tls/private/example_key.pem
    SSLCertificateFile /etc/pki/tls/certs/example_startssl.crt
    SSLCertificateChainFile /etc/pki/tls/certs/sub.class1.server.ca.pem
    <Directory "/var/www/example/html">
        allow from all
        # +Indexes enables directory listings for the whole DocumentRoot
        Options +Indexes
        <IfModule mod_rewrite.c>
            RewriteEngine On
            RewriteBase /
            # Are these lines necessary, or should I create a virtual host for http on port 80 instead?
            RewriteCond %{HTTPS} !=on
            RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
            ## If the request is for a valid directory, file, or link, don't do anything
            RewriteCond %{REQUEST_FILENAME} -d [OR]
            RewriteCond %{REQUEST_FILENAME} -f [OR]
            RewriteCond %{REQUEST_FILENAME} -l
            RewriteRule ^ - [L]
            # remove the trailing slash
            RewriteRule (.+)/$ $1
            # If you add this first rule to support views, be sure to remove the QSA flag from the second rule (maybe not required since the first rule has the L flag)
            # replace mypage/mycontroller with index.php?page=mypage&controller=mycontroller
            RewriteRule ^([^/]+)/([^/]+)/?$ index.php?page=$1&controller=$2 [L,QSA]
            # replace mypage with index.php?page=mypage
            RewriteRule ^([^/]+)/?$ index.php?page=$1 [L,QSA]
        </IfModule>
    </Directory>
</VirtualHost>
```

It has been brought to my attention that $_SERVER['PHP_SELF'] can be easily hacked. In this code...

```php
<form id="login" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
```

Do I even need anything in the action attribute if I am redirecting the form to itself?! Please advise...

Debbie

...and doing SQL injections. I have enabled MySQL logging and I can find where they did the query, but it only shows the query; it doesn't show what location or what URL or how they did it, so how can I fix it? Thanks. Also the lighttpd logs don't show anything... this sucks.

Hi, when I submit the form using the following text...

-1 OR 1=1) AND 1=(SELECT IF((IFNULL(ASCII(SUBSTRING((SELECT @@VERSION),1,1)),0)>25),1,2))

...that was sent by the hacker to my website, I am trying to escape the above and filter it... I am using the mysql_real_escape_string and trim functions, but nothing is escaped... Can you give me a suggestion? Please help me.

For obvious reasons, I wouldn't want any links to these sites or resources in this thread. I'd like some advice on where to find *modern* hacking techniques used against PHP and MySQL. I'd prefer some info by PM so that not everybody is exposed to such sites, even suggested queries for Google, because I'm having a hard time finding reliable information. Also, does anybody have any advice on security books for, say, network (Apache), PHP, MySQL? I doubt I'll get a PM, so if I do, I'll donate $20 to charity today! lol

```php
if ($indovina != $indovinata) {
    if ($tentativi >= 6) {
        echo ("\n<p>Sorry, you hanged yourself. The word you had to guess was: " . $indovina . "</p>\n");
    } else {
        $scelt = preg_split('//', $scelte, -1, PREG_SPLIT_NO_EMPTY);
        echo ("\n<p>\n");
        foreach ($alfabeto as $lettalf) {
            $contrl = false;
            foreach ($scelt as $lett) {
                if (!strcasecmp($lettalf, $lett)) {
                    $contrl = true;
                }
            }
            if ($contrl) {
                print (' <img src="images/lr_' . $lettalf . '.gif" style="border:0;width:20px;height:20px" alt="' . $lettalf . '" />');
            } else {
                // note: PHP_SELF is echoed into the link unescaped here
                print (' <a href="' . $_SERVER['PHP_SELF'] . '?letter=' . $lettalf . '"><img src="images/lb_' . $lettalf . '.gif" style="border:0;width:20px;height:20px" alt="' . $lettalf . '" /></a>');
            }
            if ($lettalf == 'm') echo ("\n <br />");
            echo ("\n");
        }
        echo ("</p>\n");
    }
} else if ($indovinata) {
    echo ("\n<p>Congratulations! You guessed the word.</p>\n");
    // runs on every render of the winning page, which is the refresh problem described below
    $DB->query("UPDATE ibf_members set gold=gold+5 WHERE id = {$ibforums->member['id']}");
}
```

Look at the bottom. OK, so if the person wins the hangman game, it will show "Congrats", but then people will just be able to refresh the page, and that query will run again and again, and that person will gain +5 gold each time... we need to fix this!! Any help? I've been looking everywhere for a solution to this but I can't find one...
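A defence against the status-changing image trick in the opening post, added here as an illustration and not code from the thread. The browser attaches the site's cookies to any request for www.SocialNetWork.com, whether it comes from a page on the network or from an <img> tag on someone else's profile, so the Referer header is not a usable signal (as the poster saw, it is usually empty or the site itself). The fix is to stop changing state on GET and to require a POST carrying a secret token that only a page served by the site can know, which an image load cannot supply. The file name ChangeStatus.php, the session handling, the save_status() stub and the cookie flags are assumptions for the example.

```php
<?php
// Added example (not from the thread). Assumptions: PHP sessions are in use,
// the state-changing endpoint is ChangeStatus.php, and save_status() is a stub
// standing in for the real database update.
declare(strict_types=1);

// SameSite=Lax (PHP 7.3+) keeps the session cookie off cross-site subresource
// requests such as an <img> on another site; the token check below is the
// primary control and does not depend on browser support for this flag.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true, 'secure' => true]);
session_start();

// Issue a fresh, random, single-use token and remember it in the session.
function csrf_issue_token(): string
{
    $token = bin2hex(random_bytes(32));
    $_SESSION['csrf_token'] = $token;
    return $token;
}

// Validate and consume the token. Returns false for a missing, stale or replayed
// token; hash_equals() keeps the comparison time independent of the input.
function csrf_consume_token(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? null;
    unset($_SESSION['csrf_token']);      // single use: a refresh resubmits a dead token
    if ($expected === null || $submitted === null) {
        return false;
    }
    return hash_equals($expected, $submitted);
}

function save_status(string $status): void
{
    // Stub (assumption): the real site would run a parameterised UPDATE here.
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Only POST changes state: <img src="ChangeStatus.php?param=..."> is a GET
    // and never reaches this branch. The token must come back unchanged.
    if (!csrf_consume_token($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token.');
    }
    $status = trim((string)($_POST['status'] ?? ''));
    if ($status !== '') {
        save_status($status);
    }
    // Redirect after POST so a refresh re-requests the page instead of resubmitting.
    header('Location: /ChangeStatus.php', true, 303);
    exit;
}

// GET: render the form with a token. The action is a fixed path, so nothing
// taken from the request URL (the PHP_SELF issue raised in this thread) is
// echoed into the HTML.
$token = csrf_issue_token();
?>
<form action="/ChangeStatus.php" method="post">
    <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($token, ENT_QUOTES, 'UTF-8') ?>">
    <input type="text" name="status" maxlength="140">
    <button type="submit">Update status</button>
</form>
```

The same consume-once pattern answers the hangman post below: run the gold update inside a POST that consumes a token (or record the win in the session the first time it is paid out) rather than on every render of the winning page, so a refresh cannot repeat it. For the PHP_SELF question, a fixed path as above, or omitting the action attribute entirely (the form then submits to the current URL), avoids echoing request data into the attribute.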
Basically what I did was create a class named USER.

```php
class USER
{
    private static $USER = array();

    public function __construct($U = '')
    {
        // if $U is not entered (== '') then set $U to MY USER ID ($_COOKIE['user'])
        // do a mysql query by the ID (ala $U) and store the results to self::$USER
    }

    public function ID()
    {
        return self::$USER['id'];
    }
}
```

This is the code I am running... I do a user profile page that shows different properties of the USER from the database: USERNAME(), ID(), PHONE(), EMAIL(), etc.

```php
// creates an instance of a different user (other than myself)
$PROFILE = new USER($ID); // $ID: 26 will retrieve USERNAME: Test
// create an instance of user class for myself using the cookie holding my id
$ME = new USER($_COOKIE['user']); // $_COOKIE['user']: 01 will retrieve USERNAME: Monster
echo($PROFILE->USERNAME()); // displays Monster
echo($PROFILE->ID()); // displays 01
```

Any idea what I am doing wrong? I would assume that $PROFILE->USERNAME() would display Test and $ME->USERNAME() would show Monster.
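A version of the class that behaves as the poster expected, added here as an example and not the thread's code. The original keeps the fetched row in a static property, which is shared by every instance of the class, so the second `new USER(...)` overwrites what the first one loaded and both objects report the same user. Holding the row in an ordinary instance property fixes that. The lookup also uses a PDO prepared statement, which is the answer to the earlier "nothing escaped" post: the `-1 OR 1=1) AND ...` payload is bound as a value and never becomes part of the SQL text. The `users` table and its columns, the PDO connection, and the in-memory SQLite database with constructed sample rows are assumptions so the file runs on its own.

```php
<?php
// Added example, not the original poster's code. Assumptions: a `users` table
// with id/username/email columns and a PDO connection; an in-memory SQLite
// database is created below with constructed sample rows so the file runs alone.
declare(strict_types=1);

class USER
{
    private array $row = [];   // per-instance, not static: each object keeps its own row

    public function __construct(PDO $db, $id = '')
    {
        if ($id === '') {
            // The original design falls back to a cookie for "me". A plain cookie is
            // client-controlled, so a real site should take this from a server-side session.
            $id = $_COOKIE['user'] ?? '';
        }
        // The id is bound as a parameter and never concatenated into the SQL, so
        // input like "-1 OR 1=1) AND 1=(SELECT ...)" matches no row instead of altering the query.
        $stmt = $db->prepare('SELECT id, username, email FROM users WHERE id = :id');
        $stmt->execute([':id' => $id]);
        $this->row = $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
    }

    public function ID(): ?string
    {
        return isset($this->row['id']) ? (string)$this->row['id'] : null;
    }

    public function USERNAME(): ?string
    {
        return $this->row['username'] ?? null;
    }

    public function EMAIL(): ?string
    {
        return $this->row['email'] ?? null;
    }
}

// Constructed sample data (assumption) so the example runs without a real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
$ins = $db->prepare('INSERT INTO users (id, username, email) VALUES (?, ?, ?)');
$ins->execute([1, 'Monster', 'monster@example.com']);
$ins->execute([26, 'Test', 'test@example.com']);

$PROFILE = new USER($db, 26);
$ME      = new USER($db, 1);
echo $PROFILE->USERNAME(), "\n";   // Test (the original printed Monster here)
echo $ME->USERNAME(), "\n";        // Monster

// The injection payload from the earlier post is just a string that matches no id.
$attack = new USER($db, '-1 OR 1=1) AND 1=(SELECT IF((IFNULL(ASCII(SUBSTRING((SELECT @@VERSION),1,1)),0)>25),1,2))');
var_dump($attack->ID());           // NULL
```

On the logging question raised earlier in this thread: the MySQL general log records only the statement, so correlating it with the request that produced it means logging on the web tier (request URL, method and client IP with a timestamp) and matching by time; with prepared statements in place the payload shows up as a literal value in that log rather than as an executed clause.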