Wednesday, September 17, 2008

$_REQUEST Security Problem

hello all! it has been quite some time. i have been studying for my national examinations. oh well, today i am going to talk about security issues in PHP regarding the $_REQUEST variable.

The $_REQUEST variable is a combination of key and values of $_POST, $_GET and $_COOKIE variables. This is a 'superglobal', or automatic global, variable. This simply means that it is available in all scopes throughout a script.

The problem with this variable, is that when you are using it, you never know where the value came from. It might come from a cookie, it might come from a GET header request, or even a POST data.

This often allows hijacking of sessions to occur.
1) Hackers gets the Session ID of the user, visitor, or worse of all: Administrators.
2) They inject into the cookies to get into the session of the user/administrator.
3) this allows the server to show the hijacker what the real user sees.
4) and the hijacker is also able to access whatever the user is able to access.

Worse still, if you want to double check the session via a POST and GET, and you use the $_REQUEST variable to check, the hacker can simply put it into cookie and he passes through.

It also allows bots to POST data easily using cookies if you use $_REQUEST. Especially if you have forms using $_REQUEST, the bot can keep bypassing your form using cookies or get headers.

You should use a more specific variable to further secure your application. Well, that's all i have. Goodnights!

No comments: