Topic: my small "security" code

I have this in /include/common.php at the top. It prevents some hacking attempts :)

// Strip HTML tags from every cookie and every GET parameter.
$_COOKIE = array_map('strip_tags', $_COOKIE);
$_GET = array_map('strip_tags', $_GET);

// Stop the request if a GET value looks like a path-traversal or SQL-injection attempt.
function hacked($data)
    {
    $data2 = $data;
    $data = strtolower($data);
    // ereg() was removed in PHP 7; preg_match() with the same patterns does the same job.
    if (preg_match('~\.\./~', $data))
        {
        die('../ in GET');
        }
    if (preg_match('~union~', $data))
        {
        die('union in GET');
        }
    if (preg_match('~select~', $data))
        {
        die('SELECT in GET');
        }
    if (preg_match('~drop~', $data))
        {
        die('DROP in GET');
        }
    if (preg_match('~1=~', $data))
        {
        die('1= in GET');
        }
    // Return the original (not lowercased) value so $_GET keeps its case.
    return $data2;
    }
$_GET = array_map('hacked', $_GET);

array_map executes a function on each array element :) The code will strip any tags in _GET (links) and cookies and will die if it finds ../, select, drop, 1=, union in links (SQL injections etc.)

My site [PHP, Python, Linux]

2 (edited by Tobi 2005-09-03 12:41)

Re: my small "security" code

And then, if you post something like "I bought a selection of drops at union station" you will die three times :)

And another time if you want to explain that "2-1=1" ...

The German PunBB Site:
PunBB-forum.de

Re: my small "security" code

Forms are sent via _POST :)

My site [PHP, Python, Linux]

4

Re: my small "security" code

So if you don't expect data coming in via GET you can drop that completely, or not?

The German PunBB Site:
PunBB-forum.de

Re: my small "security" code

SQL injection or XSS attacks are made mostly by links - the $_GET array. All data sent by forms is in the $_POST array and the code doesn't touch it (since posts can have HTML code or a "union" phrase..)
strip_tags will remove all tags from $_GET - XSS will be hard to execute because $_GET['variable'] will be stripped out of the code :)

The extra function "hacked": a ../ in a variable (which points with a path to a file or folder, like index.php?foo=files/bla.txt) means "go one folder up" - punBB doesn't use ../ so if we found such a thing - die, a hacker is trying to get a file/list of files. union, select, drop - common SQL commands (SQL injection). 1=1 1='1 1="1 - common things in examples of SQL injection. If you have a query like: select foo from bar where field=$_GET['x'] and a link: index.php?x=1 OR 1=1 it would make: where field=1 or 1=1 :) 1=1 is always true so "where" gets pointless :)

My site [PHP, Python, Linux]
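An added illustration (my own code, not from the thread or from PunBB): it reproduces the hacked() checks to show that the harmless strings quoted in the replies above trip them, and then shows what a viewtopic.php?id= lookup can do instead, casting the id to an integer and binding it as a query parameter, with htmlspecialchars on output. The topics table and its single row are constructed sample data in an in-memory SQLite database (assumes the pdo_sqlite extension).

```php
<?php
// Added example (not code from the thread): the same checks as hacked(),
// with ereg() replaced by preg_match(), returning the label that fired.
function blacklist_hit(string $value): ?string
{
    $lower = strtolower($value);
    $patterns = ['\.\./' => '../', 'union' => 'union', 'select' => 'select',
                 'drop' => 'drop', '1=' => '1='];
    foreach ($patterns as $pattern => $label) {
        if (preg_match('~' . $pattern . '~', $lower)) {
            return $label;
        }
    }
    return null;
}

// The harmless sentences quoted in the replies above: each one is rejected.
function false_positives(): array
{
    $hits = [];
    foreach (['I bought a selection of drops at union station', '2-1=1'] as $text) {
        $hits[$text] = blacklist_hit($text);
    }
    return $hits;
}

// What a viewtopic.php?id= lookup can do instead: cast the id to int, so
// '8637 OR 1=1' becomes 8637, and bind it as a parameter, so the value can
// never change the shape of the query. No keyword filtering is needed.
function lookup_topic(PDO $db, string $rawId): ?string
{
    $id = (int) $rawId;
    $stmt = $db->prepare('SELECT subject FROM topics WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Escape on output, so a subject containing markup is displayed, not rendered.
    return $row ? htmlspecialchars($row['subject'], ENT_QUOTES, 'UTF-8') : null;
}

// Constructed sample data: one topic in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE topics (id INTEGER PRIMARY KEY, subject TEXT)');
$db->exec("INSERT INTO topics VALUES (8637, 'Drops at union station <b>sale</b>')");

print_r(false_positives());                   // which keyword each benign string tripped
var_dump(lookup_topic($db, '8637 OR 1=1'));   // the single topic, with its markup escaped
var_dump(lookup_topic($db, '9999'));          // no such topic
```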

6

Re: my small "security" code

Yeah, sure.
My point was just:
Since punBB doesn't use the GET array anyway it doesn't matter what clever stuff a hacker wants to try there, it will be ignored anyway. :)

I might be wrong there though...

The German PunBB Site:
PunBB-forum.de

Re: my small "security" code

Tobi wrote:

Yeah, sure.
My point was just:
Since punBB doesn't use the GET array anyway it doesn't matter what clever stuff a hacker wants to try there, it will be ignored anyway. :)

I might be wrong there though...

PunBB uses GET quite a bit in search.php & to a lesser degree in index.php, viewforum.php + viewtopic.php

Re: my small "security" code

viewtopic.php?id=8637 <- look at those links :) $_GET['id']

My site [PHP, Python, Linux]

9

Re: my small "security" code

Ah.

:)

The German PunBB Site:
PunBB-forum.de