RE: [PHP] security/sql issues with php
Posted by "bruce" on 09/22/05 02:46

Chris..

Thanks for the replies... I think I understand what you're stating.. but I'm still confused as to why my app/server would allow a GET/POST piece of data that would/should be originating from a form on my site to come from a 3rd party/external site/app? I would have assumed that there are relatively easy/straightforward methods to resolve this.

Are you saying that my assumptions are wrong? I would have thought that it would have been simple to only accept 'data' or to restrict 'data' to forms/apps that are resident on my server/environment...

Comments/thoughts....

-bruce



-----Original Message-----
From: Chris Shiflett [mailto:shiflett@php.net]
Sent: Wednesday, September 21, 2005 4:16 PM
To: bedouglas@earthlink.net
Cc: 'Jasper Bryant-Greene'; 'PHP Mailing Lists'
Subject: Re: [PHP] security/sql issues with php


bruce wrote:
> I just read an article that described how someone could have a URL of
> 'http://foo.com/....' and have the URL in an <img> in their website.
> The website could be cat.com. The article implied that if a user would
> select the img, the link to foo.com would be initiated, thereby
> fooling the user...
>
> I'm lost. I was under the impression that any interaction between the
> user and foo.com was essentially between the user and 'foo.com', so that
> even though 'cat.com' may have caused the user to hit the link, the
> communication still occurs between the user and 'foo.com', not 'cat.com'.

It sounds like you read an article about CSRF, cross-site request
forgeries. This is a bit difficult to explain, and it's a vulnerability
that exists in almost every PHP application I've audited.

CSRF describes any attack that causes a victim to send a request of the
attacker's choosing. In other words, a victim might send a request to
http://books.example.org/ without knowing it and without actually
visiting a web page at http://books.example.org/.

Using an img tag is just one type of attack - it's the most common, but
only because it's the easiest.

I gave a talk recently that was a hands-on demonstration of a handful of
common attacks, and CSRF was one:

http://brainbulb.com/talks/php-security-by-example.pdf

You can get the code for the exercises here:

http://brainbulb.com/phpworks.tar.gz

The second exercise is devoted to CSRF, and your first task is to
exploit the vulnerability. I think exploiting vulnerabilities is a
pretty good way to get a better understanding of them. Unfortunately,
viewing the slides of a talk is much less helpful than the talk itself,
but maybe there's enough there for you to understand the attack.

Hope that helps.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
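The standard mitigation for what Chris describes, written here as an added example and not code from his exercises: the browser attaches the victim's cookies to a forged request, but a third-party page cannot read a secret that only your own form carries, so the server issues a per-session token and refuses state-changing requests that lack it. The form field and session key names are assumed.

```php
<?php
// Added example (not from Chris Shiflett's exercises): per-session anti-CSRF token.
// A forged request from cat.com carries the victim's cookies for foo.com, but the
// attacker cannot read foo.com's session state, so it cannot supply the token.
session_start();

// Issue the token once per session and embed it in every state-changing form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Validate a submitted token; hash_equals() is a constant-time comparison.
function csrf_valid(?string $submitted): bool
{
    return isset($_SESSION['csrf_token'])
        && is_string($submitted)
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        // Reject before any side effect; log the failure for detection if desired.
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token.');
    }
    // ... perform the state-changing action (e.g. the purchase) only here ...
    echo 'Action accepted.';
    exit;
}
?>
<!-- The hidden field is what an <img> tag or an off-site form cannot supply. -->
<form method="post" action="">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <input type="text" name="book_id">
  <button type="submit">Buy</button>
</form>
```

Note that GET requests (the <img> case) should never change state at all; the token protects the POST handler, and the Referer header is not a substitute because browsers and proxies may omit it.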
