
| Submitted On: Tuesday, December 2, 2008 at 7:57:35 AM |
Creeper
DO NOT ATTEMPT: Articles provided here are for INFORMATIONAL PURPOSES ONLY. DO NOT undertake any project based upon any information obtained on the internet, including this website. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site. Please read the Legal page for more information.

Below, I will go through a few common attacks and list a few ways to prevent them. There are different ways to go about this, and possibly a few things I won't be covering...but we will try to give you an idea of how hackers think.

Directory Traversals

Directory Traversals (or Dot Dot Slash attacks) are highly common on servers not equipped to protect themselves from such attacks. Below I will show a security vulnerability and explain a way to patch it up.

Quote Code:

    $FileName = $_GET["file"];
    $FileHandle = fopen("path/" . $FileName, "r");
    // (Some output code here)
    fclose($FileHandle);

The code above will open a file in the path directory, as specified by the $_GET variable. This is all fine and dandy if users are placing valid, proper, and expected filenames into this area...but not everybody is so friendly. Imagine if this value is sent in the request as the file name:

    ../../../users/passwords/password.doc

What this will do is traverse out of the directory that you assume they are in, go back (presumably to root), then forward into the users directory and the passwords directory. On a Windows system, this would be the path (for example):

    C:\User\Passwords

After the directory traversal attack is completed, the script will open your password.doc and output the contents of the file wherever you would normally have your output displayed. This isn't even the biggest problem either...say your file was actually being WRITTEN to:

Quote Code:

    $FileHandle = fopen("/path/" . $FileName, "w");

In this instance, the system would overwrite any file the request names with whatever variables your code block is writing. This can be anything from your htaccess file (Apache) to your registry (user.dat and system.dat) or anything else on your server. This attack can be prevented by using RegEx filtering or str_ireplace() filtering, as discussed later on.

RegEx, str_ireplace(), and strip_tags() filtering

These simple commands can be a huge help in what is called "sanitizing" variables. As a programmer, you know what the system expects, and naturally you expect only that input. Hackers play on this assumption. They will try a multitude of attacks to get what they want done.

str_ireplace

This function takes a string, searches it for another string, and replaces each match with a third string.

Syntax:

    $variable = str_ireplace($String_To_Find, $Replace_With_String, $In_This_String);

Example:

    $Before = "Hello, I will have no E's in me after this!<br />";
    echo $Before;
    $After = str_ireplace("e", "", $Before);
    echo $After;

This outputs:

    Hello, I will have no E's in me after this!
    Hllo, I will hav no 's in m aftr this!

This function is case-insensitive. To use a case-sensitive version, use str_replace. Using this method, you can filter out the Dot Dot Slash attack from earlier like this:

    $FileName = str_ireplace("../", "", $_GET['file']);

I cannot stress this enough: ...
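An added example, not part of the original article: string replacement only removes the patterns it is told about, so this PHP version instead checks where the requested name actually resolves and refuses anything outside the intended directory, for both the read and the write case shown above. The helper name resolve_inside() and the demo directory tree are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Returns the canonical path for $userPath under $baseDir, or null if it
// resolves outside $baseDir. $forWrite permits a file that does not exist
// yet (the fopen "w" case) by canonicalising its parent directory instead.
function resolve_inside(string $baseDir, string $userPath, bool $forWrite = false): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $userPath === '' || strpos($userPath, "\0") !== false) {
        return null;
    }
    $candidate = $base . DIRECTORY_SEPARATOR . $userPath;
    if ($forWrite && !file_exists($candidate) && !is_link($candidate)) {
        $parent = realpath(dirname($candidate));
        $real = $parent === false ? false : $parent . DIRECTORY_SEPARATOR . basename($candidate);
    } else {
        $real = realpath($candidate); // resolves ".", ".." and symlinks
    }
    // The trailing separator keeps a sibling such as "path-old" from
    // passing a plain prefix comparison against "path".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($real === false || strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Constructed demo tree under the system temp directory (sample data only).
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'trav_demo_' . bin2hex(random_bytes(4));
foreach (['path', 'path-old', 'users/passwords'] as $dir) {
    mkdir("$root/$dir", 0700, true);
}
file_put_contents("$root/path/report.txt", "constructed report\n");
file_put_contents("$root/path-old/report.txt", "constructed stale copy\n");
file_put_contents("$root/users/passwords/password.doc", "constructed secret\n");

$inputs = ['report.txt', '../users/passwords/password.doc', '../path-old/report.txt', 'new.txt'];
foreach ($inputs as $name) {
    $read  = resolve_inside("$root/path", $name);
    $write = resolve_inside("$root/path", $name, true);
    printf("%-34s read: %-8s write: %s\n", $name,
        $read === null ? 'rejected' : 'allowed',
        $write === null ? 'rejected' : 'allowed');
}
```

Pass the path returned by resolve_inside(), never the raw request value, to fopen().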