A LIST Apart: For People Who Make Websites

No. 148

Discuss: Manage Your Content With PHP


71 Another Security Leak

Just a quick note. I finally put this system into use and I discovered another security leak. For example, I have a directory with these files and directories:

index.php
aboutus
thisismusic
secretstuff

And you go to:

http://www.domain.com/index.php?p=aboutus/index

Everything goes well, seeing as how folders and directory structure are still compatible with this system. BUT if you have a password-protected directory (secretstuff) and someone types:

http://www.domain.com/index.php?p=secretstuff/index

They will immediately gain access, bypassing the security check… Does anyone know a way around this? I am actually using it to my advantage right now, but it is useful knowledge.

Jakks

posted at 12:56 pm on August 18, 2003 by Jakks

72 nops

Never use redirects through the URL. Someone could do http://domain.tld/goto.php?s=/usr/var

posted at 01:46 pm on September 24, 2003 by
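
A web server's per-directory password applies to requests for URLs under that directory, not to files that index.php reads from disk, so the check has to live in the script that resolves `?p=`. The following is an added example of such a check for the cases raised in comments 71 and 72, not code from the article or from either commenter. The `content/` root, the `PROTECTED_DIRS` list and the `$_SESSION['user']` login flag are assumptions.

```php
<?php
// Added example; every name below is hypothetical.
const CONTENT_ROOT   = __DIR__ . '/content';  // assumed location of the page files
const PROTECTED_DIRS = ['secretstuff'];       // top-level directories that need a login

/**
 * Map the ?p= value to a file under the content root.
 * Returns the absolute path to include, or null if the request must be refused.
 */
function resolve_page($p, bool $loggedIn, string $root = CONTENT_ROOT): ?string
{
    // Accept only names such as "aboutus/index": no dots, no leading slash,
    // no backslashes, no null bytes. \A and \z also reject a trailing newline.
    if (!is_string($p) || !preg_match('#\A[a-z0-9_-]+(/[a-z0-9_-]+)*\z#', $p)) {
        return null;
    }
    // Canonicalise, then confirm the file is still inside the content root.
    $base = realpath($root);
    $file = realpath($root . '/' . $p . '.php');
    if ($base === false || $file === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($file, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Apply the access check to the canonical path, so a symlink from a
    // public directory into a protected one is covered as well.
    $top = explode(DIRECTORY_SEPARATOR, substr($file, strlen($prefix)))[0];
    if (in_array($top, PROTECTED_DIRS, true) && !$loggedIn) {
        return null;
    }
    return $file;
}

session_start();
$page = resolve_page($_GET['p'] ?? 'index', !empty($_SESSION['user']));
if ($page === null) {
    http_response_code(404);  // same answer for "missing" and "not allowed"
    exit('Not found');
}
include $page;
```

With this in place, `?p=secretstuff/index` is refused for a visitor without a session login, and a value such as `/usr/var` fails the pattern check before any file is touched.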
