Sign in to follow this  
  • entries
    97
  • comments
    98
  • views
    50547

Oops.

Sign in to follow this  
caffeineaddict

101 views

Here's a PHP snafu for you to avoid. A friend of mine made a site for someone and used PHP for the job. I decided to check the site out today and what did I discover? A security hole! Oh noes. It was really no fault of my friend, just oversight.

REGISTER_GLOBALS was apparently turned on and he used session IDs. In various places on the site he was getting user Ids and whatnot for the current session.

If you had an account and were signed in and knew a user ID, you could go their profile and it would set the current session to their profile ID, when you went to "My Account" you had access to all of the OTHER persons info. This included the ability to change passwords and e-mail and whatnot. Not cool. Luckily the site has only been live for a day so it's doubtful anyone else has discovered it. The server he had to use was a shared server, so he couldn't really change the settings, but he had a workaround by changing the variable names.
Sign in to follow this  


1 Comment


Recommended Comments

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now