Jump to content


Photo

security issue with case switch


  • Please log in to reply
5 replies to this topic

#1 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 22 September 2006 - 01:06 PM

I saw a huge post on here one time, about someone who was hacked, and asking for help.  After about 20-30 people on the forum examined his code, they discovered a case switch as a vunerability, I just realized I have used case switch statements(more of as a test), for almost this entire system I have created.  This advertising system, I have most pages with case statements, based on category, sub-category.  posts, and various other thing, with like a switch case statement,a nd in between each case, hundreds of lines of programming.  Is there any vunerabilities I should watch out for, with case switch statements?

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.


#2 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 22 September 2006 - 01:09 PM

i think the thread you were referring to was the dude who based his includes on a switch with a GET variable. 

The solution was to have a predefined array of what was deemed an acceptable value in the variable, and to check the variable against the array, and only include stuff afterwards.

That is, if it's "that thread" I think you're talking about.
Did I help you? Feeling generous? Buy me lunch! 
Please, take the time and do some research and find out how much it would have cost you to get your help from a decent paid-for source. A "roll-of-the-dice" freelancer will charge you $5-$15/hr. A decent entry level freelancer will charge you around $15-30/hr. A professional will charge you anywhere from $50-$100/hr. An agency will charge anywhere from $100-$250/hr. Think about all this when soliciting for help here. Think about how much money you are making from the work you are asking for help on. No, we do not expect you to pay for the help given here, but donating a few bucks is a fraction of the cost of what you would have paid, shows your appreciation, helps motivate people to keep offering help without the pricetag, and helps make this a higher quality free-help community :)

#3 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 22 September 2006 - 01:12 PM

There is no inherit issue with a switch... after all, its just a mechanism for making a descision. However, the outcome of those decisions could be considered a security issue if your not sure what you doing.

#4 steveclondon

steveclondon
  • Members
  • PipPipPip
  • Advanced Member
  • 161 posts

Posted 22 September 2006 - 01:17 PM

I don't think you will have much to worry about as the two above have pointed out. The important part is where is the information comming from that goes into the switch. Can a user of the webpage alter this information and if the information is altered would this matter to what you are doing.

ie alter as in $_GET, $_POST, $_COOKIE



#5 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 22 September 2006 - 01:26 PM

actually yes they are, but they are post information coming from a get, or post variable.  I have 8 tables
postset1
postset2
...
postset8
and that postset number is set throughout the site, in url's and forms to pass what information along.  Like when they can edit, delete posts, it goes to a page with a case switch statement, deciding which post, userid, and postid, to pull the post from, then it updates it based on the switch on $postset

and yes that was the exact post I was speaking of.

POST MERGED BY WILDTEEN88: Please learn to use the edit button. DO NOT DOUBLE post. EVen to bump your thread too! You only bump your thread when its a a couple of hours old

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.


#6 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 22 September 2006 - 04:42 PM

You should validate the postset then. Making sure it is of a numeric value by using is_numeric and making sure postset doesnt exceed the number 8, like so:
if(is_numeric($_GET['postset']) && ($_GET['postset'] <= '8'))
{
    // postset is safe!
}





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users