darkfreaks Posted December 26, 2008 Share Posted December 26, 2008 hey guys any suggestions on how i would pass an error through error=thisisanerror without injection. i tried passing it as a $string but that didnt strip any injection from it no matter what function i called. ??? Link to comment https://forums.phpfreaks.com/topic/138477-solved-need-help-with-header-injection/ Share on other sites More sharing options...
DarkWater Posted December 26, 2008 Share Posted December 26, 2008 Just use a session? You should never pass a string through the URL only to display it right on the next page....that's kind of dumb. Link to comment https://forums.phpfreaks.com/topic/138477-solved-need-help-with-header-injection/#findComment-724003 Share on other sites More sharing options...
kenrbnsn Posted December 26, 2008 Share Posted December 26, 2008 Please tell us exactly what you are trying to do/avoid and tell us what you have tried. Ken Link to comment https://forums.phpfreaks.com/topic/138477-solved-need-help-with-header-injection/#findComment-724004 Share on other sites More sharing options...
darkfreaks Posted December 26, 2008 Author Share Posted December 26, 2008 it doesn't redirect to a page this is retarded whoever designed this to display the error on the same page through the header here is the code.... <?php //the error part is unsafe even if i take itout and put the //whole error in a $variable //and urlencode it. header("Location: $base_url/login.php?game= $game&error=Error+logging+in.+Have+you+created +an+account+yet?+Passwords+are+caSe+SEnsITIvE.");?> Link to comment https://forums.phpfreaks.com/topic/138477-solved-need-help-with-header-injection/#findComment-724006 Share on other sites More sharing options...
kenrbnsn Posted December 26, 2008 Share Posted December 26, 2008 That code looks perfectly ok. What is the problem? Ken Link to comment https://forums.phpfreaks.com/topic/138477-solved-need-help-with-header-injection/#findComment-724008 Share on other sites More sharing options...
darkfreaks Posted December 26, 2008 Author Share Posted December 26, 2008 i asked in the security forum for it to be tested and someone passed injection in it. they changed the error to marquee and whatever code they want. that is the prob :-\ Link to comment https://forums.phpfreaks.com/topic/138477-solved-need-help-with-header-injection/#findComment-724010 Share on other sites More sharing options...
kenrbnsn Posted December 26, 2008 Share Posted December 26, 2008 How is that input treated in the code. That's what we have to see. Ken Link to comment https://forums.phpfreaks.com/topic/138477-solved-need-help-with-header-injection/#findComment-724012 Share on other sites More sharing options...
darkfreaks Posted December 26, 2008 Author Share Posted December 26, 2008 i tried <?php $error="Error+logging+in.+Have+you+created+an+account+yet?+Passwords+are+caSe+SEnsITIvE."; header("Location: $base_url/login.php?game=".urlencode($game)."&error=".urlencode($error).""); ?> but that did not work either :-\ Link to comment https://forums.phpfreaks.com/topic/138477-solved-need-help-with-header-injection/#findComment-724014 Share on other sites More sharing options...
kenrbnsn Posted December 26, 2008 Share Posted December 26, 2008 No, we need to see how the script login.php is using $_GET['error']. That's where the problem is, not how you're setting it. The problem is that the script is trusting that $_GET['error'] will always be only those strings it knows about. Never trust user input At minimum, you should be using the strip_tags before sending the value of $_GET['error'] to the screen. Ken Link to comment https://forums.phpfreaks.com/topic/138477-solved-need-help-with-header-injection/#findComment-724016 Share on other sites More sharing options...
darkfreaks Posted December 26, 2008 Author Share Posted December 26, 2008 there is no $_GET['error'] it is all passed through this function <?php function error($page,$error = "") { include "globals.inc.php"; if (ereg("\?",$page)) { $string = "Location: $page&error=" . space2plus($error);// turn + to spaces } else { $string = "Location: $page?error=" . space2plus($error);// turn + to spaces } return $string; }?> Link to comment https://forums.phpfreaks.com/topic/138477-solved-need-help-with-header-injection/#findComment-724020 Share on other sites More sharing options...
kenrbnsn Posted December 26, 2008 Share Posted December 26, 2008 No. Somewhere in the script login.php it is sending the value for $_GET['error'] to the screen. If there is no $_GET['error'] then your scripts are relying on register_globals being enabled which is another security problem. Instead of posting snippets of the script that don't relate to the problem, just post the entire script. Ken Link to comment https://forums.phpfreaks.com/topic/138477-solved-need-help-with-header-injection/#findComment-724026 Share on other sites More sharing options...
kenrbnsn Posted December 26, 2008 Share Posted December 26, 2008 You marked this "solved" with telling us what solved your problem. Ken Link to comment https://forums.phpfreaks.com/topic/138477-solved-need-help-with-header-injection/#findComment-724030 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.