Php websites are the most common websites on the internet.But many people don’t take care of several security risks which may be caused due to loophole in coding.I will tell 2 major loopholes in Php website which are to be avoided
First, we are going to discuss a simple program which sends an email to your user
Listing 1: Php email Program
<strong>Email form</strong> <form method="post" action="test2.php"> Email: <input name="email" type="text" /><br /> Message:<br /> <textarea name="message" rows="15" cols="40"> </textarea><br /> <input type="submit" /> </form> <strong>test2.php</strong> <?php $email = $_REQUEST['email'] ; $message = $_REQUEST['message'] ; mail( "firstname.lastname@example.org", "Feedback Form Results", $message, "From: $email" ); header( "Location: http://www.google.com" ); ?>
This program will simple display a form which will let the user input the email and message.Now a normal user will enter both of these fields and he will be able to send a mail. But a spammer may use the email field to send multiple emails by filling in email field the following :
CC: email@example.com, firstname.lastname@example.org, email@example.com
What happens now is that when request move to test2.php then email field will contain multiple emails in which the cc mails are all spam mail.
To prevent this error it is really necessary that you check the input received in the email field.This check need to be done on server side.
Now,lets discuss another vulnerability ,ie exec method:
The exec method is used to execute any operation using php.It can be really helpful command.But if you are using this command on your server then please make sure that you never pass any user input argument in exec function, for example:
exec(ping www.google.com) exec(ping.$domain)
In above example the first exec statement is safer than 2º one. Since in 1º exec the execute function is doing some defined work and do not require any user input.But in 2º exec we are pinging a user inputted domain. Now a hacker may exploit the domain field to execute some non required commands.
An attacker may even upload codes on your server directly by making use of exec function. So please use this function carefully and always filter the input which will be passed to exec function.
The 3º vulnerability is Sql injection. If login form is not properly validated then sql injection attack is possible
One can obtain unauthorized access to your website using sql injection.Here the query is exploited so that your website will accept even the wrong credential,giving hackers full access to your website
Listing 2: A simple form
<html> <head> <title>csanuragjain</title> </head> <body> <form action="example.htm"> Name:<input type="text"/> Password:<input type="password" value=""/> <input type="submit" value="submit"/> </form> </body> </html>
We have made a simple html form which has 2 input fields for username and password.When the user enter the same then he press submit and the form gets verified at server.If its verified then we show him the success page.
Query at server : Select * from master where username=’$user’ and password=’$pwd’
Here attacker just goes to the login form and then fills some username and password in such a way that the login script always return a true so that the credential gets accepted and the attacker gets entry to your website.
Like for example if the user enter a username and in password he fills anything' OR 'x'='x
Query becomes : Select * from master where username=’csanurag’ and password=’anything' OR 'x'='x'
This query will always result in true so attacker is able to bypass your authentication
Proper precaution can save this attack easily.You need to check the login parameters enetered by user first at server.Make use of :
mysql_real_escape_string ( $unescaped_string ,$link_identifier )
The first argument is the unescaped string that is the input received from the client.Second argument tells about connection object
So here we have learned 3 ways for protecting our websites from web attacks.This is all for todays article.See you next time with some more interesting article