
Vulnerabilities in PHP websites

This article describes several common vulnerabilities in PHP websites. We will discuss the mistakes that cause them and also explain how to correct them.

PHP websites are the most common websites on the internet, but many developers do not take care of the security risks that are caused by loopholes in their code. I will describe two major loopholes in PHP websites that are to be avoided.

First, we are going to discuss a simple program that lets your user send an email.

Listing 1: PHP email program

<strong>Email form</strong>
<form method="post" action="test2.php">
  Email: <input name="email" type="text" /><br />
  Message:<br />
  <textarea name="message" rows="15" cols="40">
  </textarea><br />
  <input type="submit" />
</form>
<strong>test2.php</strong>
<?php
  // Both values are taken straight from the request, without any validation.
  $email = $_REQUEST['email'] ;
  $message = $_REQUEST['message'] ;

  // The email field is copied into a mail header: whatever the client sent
  // becomes part of the header block.
  mail( "anuragmeet2day@gmail.com", "Feedback Form Results",
    $message, "From: $email" );
  header( "Location: http://www.google.com" );
?>

This program simply displays a form that lets the user enter an email address and a message. A normal user fills in both fields and is able to send a mail. But a spammer may use the email field to send multiple emails by filling in the email field with the following:

one-email-address@example.com
CC: two-email-address@example.com, three-email-addresses@example.com, etc-etc@example.com

What happens is that when the request reaches test2.php, the email field contains several addresses: the line break lets the client append a CC: header to the From: header that the script builds, and every CC address receives the spam mail.

To prevent this, it is essential that you check the input received in the email field. This check must be done on the server side.
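A hardened version of test2.php, added here as an example that is not part of the original article: the email field is rejected if it contains a line break or is not a single valid address, and it is never placed in the From: header. The recipient and sender addresses are placeholders.

```php
<?php
// Added example: server-side check for the email field of Listing 1.
// Assumes the same form fields (email, message); addresses are placeholders.

function validate_sender_email(string $raw): ?string
{
    // A CR or LF in the value is what lets a client append "CC:" lines
    // to the header block, so any such character fails the check outright.
    if (preg_match('/[\r\n]/', $raw)) {
        return null;
    }
    $email = trim($raw);
    // FILTER_VALIDATE_EMAIL accepts exactly one address: it rejects the
    // "CC: a@example.com, b@example.com" text from the article as well.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $email;
}

function build_mail_headers(string $validated_email): string
{
    // From: is fixed by the server; the client address only goes in Reply-To,
    // and only after validation, so the client never controls header lines.
    return "From: feedback@example.com\r\nReply-To: " . $validated_email . "\r\n";
}

// Read only POST data: $_REQUEST would also accept cookie and query-string values.
$email   = validate_sender_email($_POST['email'] ?? '');
$message = $_POST['message'] ?? '';

if ($email === null) {
    http_response_code(400);
    exit('Please enter a single valid email address.');
}
if (strlen($message) === 0 || strlen($message) > 10000) {
    http_response_code(400);
    exit('Message is empty or too long.');
}

mail('recipient@example.com', 'Feedback Form Results', $message, build_mail_headers($email));
header('Location: http://www.google.com');
exit;
```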

Now, let's discuss another vulnerability, i.e. the exec method:

exec method

The exec method is used to execute any operating-system command from PHP. It can be a really helpful command, but if you are using it on your server then please make sure that you never pass any user input as an argument to the exec function, for example:

exec("ping www.google.com");
exec("ping " . $domain);

In the above example the first exec statement is safer than the second one, since the first exec does a defined job and does not require any user input. But in the second exec we are pinging a user-supplied domain, and an attacker may exploit the domain field to execute unwanted commands.

An attacker may even upload code to your server directly by making use of the exec function. So please use this function carefully and always filter the input that will be passed to the exec function.
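One way to ping a user-supplied domain without letting the user control the command line, added here as an example (not code from the article): the value must pass a hostname allowlist, and it is then passed through escapeshellarg() as a single argument. The function names are hypothetical and the ping flags assume a Linux host.

```php
<?php
// Added example: filtering user input before it reaches exec().
// Hypothetical helper names; assumes iputils ping on Linux (-c 1).

function validate_hostname(string $raw): ?string
{
    $host = strtolower(trim($raw));
    if (strlen($host) === 0 || strlen($host) > 253) {
        return null;
    }
    // Allowlist of DNS label characters only. Every shell metacharacter
    // (space, ;, |, &, $, backtick, quotes, newline) fails this test, and so
    // does a leading "-", which would otherwise be read by ping as an option.
    $label = '[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?';
    if (!preg_match('/^' . $label . '(\.' . $label . ')*$/', $host)) {
        return null;
    }
    return $host;
}

function ping_host(string $raw): array
{
    $host = validate_hostname($raw);
    if ($host === null) {
        return ['ok' => false, 'output' => ['rejected: not a valid hostname']];
    }
    // Second layer: escapeshellarg() quotes the value as exactly one argument,
    // and "--" tells ping that nothing after it is an option.
    $cmd = 'ping -c 1 -- ' . escapeshellarg($host);
    exec($cmd, $output, $status);
    return ['ok' => $status === 0, 'output' => $output];
}

// Contrast with the article's second call, where $domain is spliced into the
// command string unfiltered and any shell metacharacter in it becomes part
// of the command line:
//   exec("ping " . $domain);

$result = ping_host($_POST['domain'] ?? '');
header('Content-Type: text/plain');
echo ($result['ok'] ? "reachable\n" : "unreachable\n");
echo implode("\n", array_map('htmlspecialchars', $result['output'])), "\n";
```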

The third vulnerability is SQL injection. If a login form is not properly validated then a SQL injection attack is possible.

SQL injection

One can obtain unauthorized access to your website using SQL injection. Here the query is exploited so that your website accepts even wrong credentials, giving hackers full access to your website.

Listing 2: A simple form

<html>
<head>
<title>csanuragjain</title>
</head>
<body>
<!-- Field names match the $user and $pwd variables used in the server query -->
<form action="example.htm" method="post">
Name:<input type="text" name="user"/>
Password:<input type="password" name="pwd" value=""/>
<input type="submit" value="submit"/>
</form>
</body>
</html>

We have made a simple HTML form which has two input fields, for username and password. When the user enters them and presses submit, the form gets verified at the server. If it is verified then we show him the success page.

Query at server: Select * from master where username='$user' and password='$pwd'

Here the attacker just goes to the login form and fills in a username and password in such a way that the login script always returns true, so the credentials get accepted and the attacker gets entry to your website.

For example, if the user enters a username and in the password field fills in anything' OR 'x'='x

Query becomes: Select * from master where username='csanurag' and password='anything' OR 'x'='x'

This query will always evaluate to true, so the attacker is able to bypass your authentication.

Proper precautions can stop this attack easily. You need to check the login parameters entered by the user at the server first. Make use of:

mysql_real_escape_string($unescaped_string, $link_identifier)

The first argument is the unescaped string, that is, the input received from the client. The second argument is the connection resource.

So here we have learned three ways of protecting our websites from web attacks. That is all for today's article. See you next time with some more interesting articles.
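The login query from this section with the user input kept out of the SQL text, added here as an example that is not part of the original article. It shows a PDO prepared statement, and beside it the escaping approach the article names in its current form (the mysql_* extension the article's function belongs to was removed in PHP 7; mysqli_real_escape_string is its replacement). The DSN and credentials are placeholders; the table and column names come from the article.

```php
<?php
// Added example: the article's login query without SQL injection.
// Placeholders: DSN, dbuser, dbpass. Table "master", columns username/password
// are the ones from the article.

function find_user(PDO $db, string $user, string $pwd): ?array
{
    // Bound parameters are sent separately from the query text, so the value
    // anything' OR 'x'='x is compared literally and never parsed as SQL.
    $stmt = $db->prepare('SELECT * FROM master WHERE username = :u AND password = :p');
    $stmt->execute([':u' => $user, ':p' => $pwd]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The escaping approach the article recommends, with the mysqli replacement
// of mysql_real_escape_string. Note that the escaped value still has to be
// wrapped in quotes in the query, otherwise the escaping achieves nothing.
function find_user_escaped(mysqli $link, string $user, string $pwd): ?array
{
    $u = mysqli_real_escape_string($link, $user);
    $p = mysqli_real_escape_string($link, $pwd);
    $result = mysqli_query($link, "SELECT * FROM master WHERE username='$u' AND password='$p'");
    $row = $result ? mysqli_fetch_assoc($result) : null;
    return $row ?: null;
}

$db = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'dbuser', 'dbpass', [
    PDO::ATTR_EMULATE_PREPARES => false,          // real server-side prepares
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
]);

$row = find_user($db, $_POST['user'] ?? '', $_POST['pwd'] ?? '');
if ($row === null) {
    http_response_code(401);
    exit('Login failed');
}
echo 'Welcome ', htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8');
```

With the prepared statement, the input anything' OR 'x'='x from the section above produces a query that looks for a user whose password is exactly that string, so the bypass no longer works.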



My main area of specialization is Java and J2EE. I have worked on many international projects like recorders, websites, crawlers, etc. Also I am an Oracle Certified Java Professional as well as DB2 certified.
