Guest Drizzle Posted May 23, 2010 Share Posted May 23, 2010 ]Ok, so i've seen a method around that checks pages for $globals, which is supposed to not let the file run if it isnt defined. However, its just a waste of space, because anyone can just put $globals=1; and bam. So here's what i came up with: $pages = array('/headers.php','/index.php'); // Put all your page names in here that you want ran. //Make sure page is defined. If it isnt, give the error. if(isset($page)){ //The below code checks if $page is equal to that pages script. Usually, people would think just putting the pages in an array would do it, however, //That would fail because anyone who uploads a file could easily put 1 of the filenames and it will run. Now, $page must equal both the script name and be in the array :) if($page != $_SERVER['PHP_SELF']){ echo '<div class="error">This page is not authorized for use.</div>'; exit; } //The below checks if the page name is in the $pages array defined earlier. if(!in_array($page, $pages)){ echo '<div class="error">This page is not authorized for use.</div>'; exit; } //The below code means if $page isnt even mentioned, to give an error. } else { echo '<div class="error">This page is not authorized for use.</div>'; exit; } I don't know how much you guys will get use of it, but its better than the usual $globals i see floating around. :P Oh and another note, make sure you dont add the $page=w/e inside globals or any of the major files, as it will error. Quote Link to comment Share on other sites More sharing options...
Guest Dylan1994 Posted May 23, 2010 Share Posted May 23, 2010 I heard that ['PHP_SELF'] Was un-secure Quote Link to comment Share on other sites More sharing options...
Guest Drizzle Posted May 24, 2010 Share Posted May 24, 2010 I dont really see how it is. I dont know where you heard that. But in this there is really nothing to exploit. Quote Link to comment Share on other sites More sharing options...
Zeggy Posted May 24, 2010 Share Posted May 24, 2010 What kind of exploit does this protect from? Quote Link to comment Share on other sites More sharing options...
Guest Drizzle Posted May 24, 2010 Share Posted May 24, 2010 Well, say someone uploads a file to your server somehow with just including globals. This code will render it useless, giving anyone who tries to view the uploaded page an error. It checks for $page defined on pages. If $page is defined, it then checks if $page is the same as the page's page_name_here.php. After that, it checks if the url is in the array of allowed urls ($pages). Then if all checks are passed the page is fed to the user. Quote Link to comment Share on other sites More sharing options...
Zeggy Posted May 24, 2010 Share Posted May 24, 2010 Well, if somebody managed to upload a file that can be run as a php file, then there really isn't anything you can do to stop it from doing whatever it wants, as any security features you add can be defeated quite easily when you can upload scripts run on the server side. By this point you've already lost. You need to prevent them from ever getting to this stage. Quote Link to comment Share on other sites More sharing options...
Guest Drizzle Posted May 24, 2010 Share Posted May 24, 2010 I do agree that they shouldnt be able to upload, but this is just an upgraded version of the old non-working one. Quote Link to comment Share on other sites More sharing options...
rulerofzu Posted May 24, 2010 Share Posted May 24, 2010 PHP_SELF can be exploited as you can append to the url youra.php youra.php/noob and anything appended will be treated as valid code so can lead to all kind of trouble. Quote Link to comment Share on other sites More sharing options...
Djkanna Posted May 24, 2010 Share Posted May 24, 2010 PHP_SELF can be exploited as you can append to the url youra.php youra.php/noob and anything appended will be treated as valid code so can lead to all kind of trouble. Love the example ;) Quote Link to comment Share on other sites More sharing options...
Spudinski Posted May 24, 2010 Share Posted May 24, 2010 Bah... a simple command prevents all uploads. chmod 0755 * chmod 0755 */* chmod 0755 */*/* --- aka. only the user should be able to read, write and execute In addition, permit no execution within the uploads dir. Not really efficient, as some requires more permissions; but this is the most solid permission set that is widely used. In addition, you can run Apache in a chrooted state and chown the files to Apache. Quote Link to comment Share on other sites More sharing options...
Zero-Affect Posted May 24, 2010 Share Posted May 24, 2010 BTW $page isn't defined... $_SERVER['PHP_SELF'] alternative/vulnerability This reminds me a little of something i did ages ago... [mccodes]Secure demo account Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.