Jump to content

[SOLVED] Header injection?

darkfreaks

By darkfreaks
in PHP Coding Help

 Share

Recommended Posts

darkfreaks Advanced Member

darkfreaks

Posted
Posted

ok so there is injection in the error variable how do i fix this ???

 

 

<?php
$error=htmlentities
("Error+logging+in.+Have+you+created+an+account+yet?
+Passwords+are+caSe+SEnsITIvE.",ENT_NOQUOTES);

header("Location: $base_url/login.php?game=".urlencode($game)."&error=$error")?>

Link to comment
https://forums.phpfreaks.com/topic/138436-solved-header-injection/
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

 

 

Any other ideas about what? In one of your other threads you ware already asked to provide specific information about what is going on in front of you -

What is being injected and what is being accomplished by the injection?
and

What error resulted and what data did it (the test) use? Those pieces of information would help pinpoint what is going on.

 

Your posts are missing information about what you are doing and what the specific results are that you see and know about, but are not communicating for someone else to be able to help with.

thetooth Newbie

thetooth

Posted
Posted

ok so there is injection in the error variable how do i fix this ???

 

 

<?php
$error=htmlentities
("Error+logging+in.+Have+you+created+an+account+yet?
+Passwords+are+caSe+SEnsITIvE.",ENT_NOQUOTES);

header("Location: $base_url/login.php?game=".urlencode($game)."&error=$error")?>

 

by the looks of what your trying to do i would say its alot easyer to define all your errors in a config first and then use a simple heard redirect that calls it :)

PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

 

 

Here is an answer that will always work, that we have stated many times - All external data cannot be trusted and must be validated by your script to insure it contains what you expect. One recent example -

http://www.phpfreaks.com/forums/index.php/topic,231391.msg1072822.html#msg1072822

 

mysql_real_escape_string() is only effective for stopping sql injection in string data. It does not help when the data is expected to be numeric and the numeric data is followed by an injected sql statement.

 

htmlentities() is only effective in preventing the content being output to the browser from being rendered and operated on by the browser. When that content is sent back to the server  as POST/GET/COOKIE data (such as a GET parameter on the end of a redirect URL), it can be anything and must be treated as untrusted and it must be validated again.

 

If your code (in the part you did not post, where the security hole is at) is using $_GET['error'], then you should be making sure that how you are using $_GET['error'] is safe.

 

Security is situation specific. How the data is being used determines what kind of protection it needs and at what point  it needs it. You cannot attempt to apply a fixed set of rules and expect them to work in every situation. If that was the case, then you could do things like have a programming language automatically protect against sql injection by escaping external data... Wait, they tried that with the magic_quotes settings and it did not work in all situations and when the data was not used for a database more code and processing time was needed to undo the unnecessary escaping. Magic_quotes was a wasted effort because they were not specific to how the data was being used and the only person who knows how data is being used in any application is the the programmer that is creating that application. It is his responsibility to write code that implements the security needed by that application.

Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.