calabiyau Posted February 8, 2007 Share Posted February 8, 2007 Okay, so I read a post several pages ago, where the person was including content into his page based on the link that was clicked and the variable that was passed to the url. Person said they had their account disabled because someone had hijacked his/her script and used it to spam. Apparently this was done because the bad guy could include any of their own scripts instead, I assume by adding whatever they wanted to the url. So I have made a CMS for myself that does pretty much the same thing and am worried that I am vulnerable to the same kind of attack. The only difference is that when I include the file, it is from a folder. Does having the folder name before the GET variable stop someone form being able to add in http://www.badguysite.com/badscript.php Or is that even how it is done? This is a snippet of my code here: <div id="content">'; if (!empty($_GET['page'])) { $page = $_GET['page']; } else { $page = 'home'; } $cachepage = 'cache/'. $page . '.php'; if (!file_exists($cachepage)) { include('../connections.php'); $query = "SELECT * FROM ".$page; $results_id = mysql_query($query, $connect); while ($row = mysql_fetch_array ($results_id)) { $stringData = $row['page_html']; } $fh = fopen($cachepage, 'w') or die("can't open file"); fwrite($fh, $stringData); fclose($fh); } if (file_exists($cachepage)) { include($cachepage); } Am I safe? Quote Link to comment Share on other sites More sharing options...
only one Posted February 8, 2007 Share Posted February 8, 2007 if you are going to include any files i would suggest setting it in another folder inside your root folder, then if you want to include a file like, include("file/$page.php"); they cant get their page on from their site becasue it will have to be in that folder first, if you have include("$page.php"); they could do, page.php?page='their url', this allows them to include their page fom their own site, hope it make sense to you by the looks of it from me your safe Quote Link to comment Share on other sites More sharing options...
Hypnos Posted February 8, 2007 Share Posted February 8, 2007 The vulnerability you're talking about would be like this: $page = $_GET['page']; include($page); URLs will work for includes. Someone could set page to the URL of their malicous script, and it would be included and executed. file_exists doesn't seem to return true for a URL. Only for a file on the local file system, so you should be safe from that. However, your script is not safe from SQL injection. You need to sanitize $page before sending it to an SQL query. Quote Link to comment Share on other sites More sharing options...
calabiyau Posted February 8, 2007 Author Share Posted February 8, 2007 thanks for replies. So the fact that I have stored the included files in their own folder and have used file exists means I am probably safe then? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.