Posted by firewoodtim on 10/14/03 12:00

The responses to my original message have been mostly out of standard
textbook advice (I have 5 of them). Thanks for trying, but it still
leaves my original question unanswered. Here is the situation:

I have a set of scripts that include several forms in which users
submit information that eventually winds up on a website. One of
those forms includes a WYSIWYG textarea editor, tinyMCE. However,
there are plenty of input (single line) elements that present similar,
if smaller, opportunities to inject malicious code. Add to that the
problem of tampered GET and POST data and you have the usual CMS-like
environment in which so many bad guys get their jollies.

I know all the rules about filtering input and escaping output, but I
want to focus especially on blocking attacks that could wind up giving
an intruder control of my site's command line or otherwise executing
malicious code in my filesystem's environment. Is it possible to
actually penetrate PHP code and wind up with a blinking cursor on a
command line, logged in as the user/owner of the site? If so, do you
do that through SQL injection?, command injection via a system
command?, XSS? ...

The WYSIWYG editor presents a special problem, because filtering data
from it is so complicated, but if it does not actually give access to
the command line, I think I can figure out a way to live with
unfiltered input by other means. I just can't live with giving
someone the opportunity to rummage around in my filesystem.

Any comments?

[Back to original message]