[SOLVED] Making my PHP switch secure.

Misanthrope · June 15, 2009

I'm using a very basic php switch right now, and it's only real purpose is navigation. However, just glancing at it told me it was vulnerable to RFI. Here is the switch in it's current form:

<?php
switch($id) {
default:
include('index.html');
break; case"id1":include('id1.html');
break; case"id2":include('id2.html');
break; case"id3":include('id3.htm');
break; case"id4":include('id4.htm');
break; case"id5":include('id5.htm');
} ?>

Is there any way to make it secure without having to scrap it and replace it with something needlessly bloated with features I don't need?

And yes, I suck when it comes to security.

MadTechie · June 15, 2009

How is that vulnerable to RFI ?

your pages are hard coded!

Misanthrope · June 15, 2009

How is that vulnerable to RFI ?

your pages are hard coded!

Someone attempted RFI and screwed up my site the other day, and ended up with the switch directing to an offsite script.

EDIT: Found the problem was in fact in another script that allowed the attacker enough access to mess with the switch. Fixed up that exploit and so don't expect any more problems. My mistake ::)

MadTechie · June 15, 2009

lol, its always the last place you look

can you click topic solved bottom left

Sign In

[SOLVED] Making my PHP switch secure.

Recommended Posts

Misanthrope

Link to comment

Share on other sites

MadTechie

Link to comment

Share on other sites

Misanthrope

Link to comment

Share on other sites

MadTechie

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information