Suffering with PHP Injection


-2

Hello folks, I am suffering a lot with PHP injection, and I believe the vulnerability is in the code below. Could someone help me put an end to this?

<?php
// The page name is taken straight from the query string; an empty value falls back to "main".
$page = ($_GET['loadpage'] == "") ? "main" : stripslashes($_GET['loadpage']);
?>

<div id="centro">
    <?php
        // The user-controlled name is appended to ".html" and passed to include().
        if (file_exists($page . ".html")) {
            include($page . ".html");
        } else {
            echo '<div class="completo"><div class="inner_box" align="center">Página não encontrada</div></div>';
        }
    ?>
</div>

2 answers

0

Use PHP's own sanitization functions:
https://www.php.net/manual/en/function.filter-input.php

Example:

<?php
// filter_input() takes a single filter id as its third argument; two filter
// constants cannot be combined with "||" (that expression evaluates to the
// boolean true, which is not a valid filter id).
$page = filter_input(INPUT_GET, 'loadpage', FILTER_SANITIZE_URL);
echo "Sua página: $page.\n";
?>
<div id="centro">
    <?php
        if (file_exists($page . ".html")) {
            include($page . ".html");
        } else {
            echo '<div class="completo"><div class="inner_box" align="center">Página não encontrada</div></div>';
        }
    ?>
</div>

Never use the global arrays $_GET, $_POST, $_SERVER directly as you are doing; instead use the sanitization functions. There are also two constants that you can pass in the third parameter, FILTER_VALIDATE_URL and FILTER_SANITIZE_URL.

  • Taffarel, I did not understand the use of the filters very well. Should I replace my code with the one you put in the example?

  • Yes, you can replace it. I advise you to read the PHP filtering documentation: https://www.php.net/manual/en/function.filter-input.php

0


Willian, first, always use PHP's sanitize filters to sanitize variables received via POST or GET.

Reference: https://www.php.net/manual/en/filter.filters.sanitize.php

To solve the problem of injection, you will have to map the inputs! Simply put, you can do it like this:

<?php
    // $page is assumed to have been set earlier, as in the question's code.
    if (file_exists($page . ".html")) {
        // Only names present in this fixed list may be included.
        if (in_array($page, array('pagina1', 'pagina2', 'pagina3'))) {
            include($page . ".html");
        } else {
            echo 'Você não tem permissão para acessar essa página';
        }
    } else {
        echo 'Página não encontrada';
    }
?>

However, these techniques are already consolidated in several PHP frameworks; I suggest that, if possible, you use one of these: CodeIgniter or Laravel.

https://codeigniter.com

https://laravel.com

  • Wilson, thanks for the reply. I managed to implement part of it, but the code was missing a closing parenthesis after 'pagina3', and the first one I had to remove because it was giving an error on the page.

  • Willian, what error is appearing?

  • Wilson, that the page cannot be displayed!
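The two answers above make complementary points: read the parameter through filter_input() rather than $_GET, and decide what may be included from a fixed list rather than from the request. The following is an added example that combines both; it is not code from the question or from either answer. The pages directory, the page names in the allowlist and the resolvePage() helper are assumptions made for the example. The allowlist is checked before the filesystem is touched, so a value that is not an exact allowlisted name (a traversal sequence, an absolute path, a name with extra characters) is rejected without ever reaching file_exists() or include().

```php
<?php
// Added example: a page loader whose include() target is chosen from a fixed
// allowlist, so the request parameter can only select among known templates.
declare(strict_types=1);

// Assumptions for this example: templates live in ./pages and only these names exist.
const PAGES_DIR = __DIR__ . '/pages';
const ALLOWED_PAGES = ['main', 'pagina1', 'pagina2', 'pagina3'];

/**
 * Map the requested page name to a template path, or return null if it is not allowed.
 * The allowlist is consulted first, so user input is never used to probe the filesystem.
 */
function resolvePage(?string $requested): ?string
{
    // A missing or empty parameter falls back to the default page, as in the question.
    $page = ($requested === null || $requested === '') ? 'main' : $requested;

    // Strict comparison: only an exact allowlisted string passes.
    if (!in_array($page, ALLOWED_PAGES, true)) {
        return null;
    }

    // The path is built from constants plus an allowlisted name, never from raw input.
    $path = PAGES_DIR . '/' . $page . '.html';

    return is_file($path) ? $path : null;
}

// Read the parameter through filter_input() instead of touching $_GET directly.
// FILTER_DEFAULT returns the raw string (or null when the parameter is absent);
// the allowlist, not the filter, is what makes the value safe to use.
$requested = filter_input(INPUT_GET, 'loadpage', FILTER_DEFAULT);
$path = resolvePage(is_string($requested) ? $requested : null);

echo '<div id="centro">';
if ($path !== null) {
    include $path;
} else {
    // Same fallback as the original; the user-supplied name is deliberately not echoed back.
    echo '<div class="completo"><div class="inner_box" align="center">Página não encontrada</div></div>';
}
echo '</div>';
```

Adding a page means adding its name to ALLOWED_PAGES; nothing in the request can extend that list. Because the check is on the name rather than on the resolved path, the code does not depend on how PHP normalises paths, and an unexpected request fails closed with the same "not found" message.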
