Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security SecProg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: php - inject code into $_SERVER ?

from [Seann Alexander] Network Security [Permanent Link]
Subject: Re: php - inject code into $_SERVER ?
Date: Tue, 1 Feb 2005 12:45:12 -0500
I would highly recommend using a regular expression to only accept xxx.xxx.xxx.xxx

On Feb 1, 2005, at 4:16 AM, Christophe Vandeplas wrote:

Hello

I am coding a kind of weblogin system that adapts the firewall of a
gateway for logged users so that they can access another network.
The weblogin system is written in php4 on a apache2 webserver running on a debian system.

to adapt the firewall I made a simple script, let's call it
firewallAuth. This script needs 1 argument, the ip that needs to be
added in the firewall.

Now the only way to do this in php is to use the 'exec()' function.
The ip of the user is stored in $_SERVER['REMOTE_ADDR'].
To get root rights (I need them to adapt my firewall) i use sudo. (the
php user can only run the firewallAuth command with sudo)

So I just do this in php code:
exec("sudo /home/firewall/firewallAuth ".$_SERVER['REMOTE_ADDR']);

My question is now: is there any (known) way for a user to inject arbitrary code
into this _SERVER global? (and thus execute this code on the server with root permissions)
or am I not-to-unsafe to use it?

Should I perform some more checks on the $_SERVER['REMOTE_ADDR'] before using it as argument?


Thanks for the comments.


--
-------------------------------------
Christophe Vandeplas
GSM: +32 (0)486/64.10.33
email: christophe(at)vandeplas(dot)com
http://www.vandeplas.com
GnuPG:1024D/14913897: 66BD A9EB 0357 D80F 20D4 D698 3B2B E562 1491 3897
-------------------------------------
*** PLEASE ***
"Never send mass-mails/forward to this email address.
Please add the email-address to the BCC field (Blind Carbon Copy)
or send the mail separately to me."
--
-------------------------------------
Christophe 'ElCascador' Vandeplas
GSM: +32 (0)486/64.10.33
email: christophe(at)vandeplas(dot)com
http://www.vandeplas.com
GnuPG:1024D/14913897: 66BD A9EB 0357 D80F 20D4 D698 3B2B E562 1491 3897
-------------------------------------
*** PLEASE ***
"Never send mass-mails/forward to this email address.
Please add the email-address to the BCC field (Blind Carbon Copy)
or send the mail separately to me."

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: php - inject code into $_SERVER ?, Benoit Lefebvre
Next by Date:  Re: php - inject code into $_SERVER ?, Christophe Vandeplas
Previous by Thread:  Re: php - inject code into $_SERVER ?, Benoit Lefebvre
Next by Thread:  Re: php - inject code into $_SERVER ?, Bogdan Tomchuk
Indexes:  [Date] [Thread] [Top] [All Lists]