This page contains the 10 latest blog records from our site. Older posts from our blog may be found in the Archive section. I hope you find something informative here.
You should exercise extreme care when working with parameters. If the register_globals parameter is set to On in the php.ini configuration file, every request parameter is turned into a global variable. This can be a source of vulnerabilities if you are not careful enough. Let's consider the following vulnerability demonstration example:
<form action="testpass.php" method="get">
Login: <input name="username">
Password: <input name="password">
</form>
// Deliberately vulnerable: $logged is never initialised, so with
// register_globals=On a request that carries logged=1 sets it before this check.
if (($password == $legal_pass) and ($username == $legal_name))
    $logged = 1;

if ($logged)
{
    //The user has been authorized
}
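The same check written so that it no longer depends on register_globals, as an added example that is not part of the original post: the flag is initialised before use, credentials are read explicitly from $_POST (so the form above would use method="post"), and comparisons are constant-time. $legal_name and the stored hash are assumed to come from a user store; the values here are constructed for the demo.

```php
<?php
// Added example, not from the original post. Hardened form of the login
// check above: nothing here is read from an automatically created global.

// Never let an unset variable decide the outcome: initialise it first.
$logged = false;

// Credentials travel in the request body only, never in the URL.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Credentials must be sent with POST');
}

// Read the two expected parameters explicitly; anything else is ignored.
$username = isset($_POST['username']) ? (string) $_POST['username'] : '';
$password = isset($_POST['password']) ? (string) $_POST['password'] : '';

// Constructed demo values: in a real script the name and the *hash* of the
// password come from the user store; the plaintext is never stored.
$legal_name      = 'Flenov';
$legal_pass_hash = password_hash('qwerty', PASSWORD_DEFAULT);

// Constant-time comparison of the name, and hash verification of the password,
// so neither a timing difference nor a loose == comparison helps an attacker.
if (hash_equals($legal_name, $username)
    && password_verify($password, $legal_pass_hash)) {
    $logged = true;
}

if ($logged) {
    // The user has been authorized
    echo 'Welcome, ', htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
} else {
    http_response_code(401);
    echo 'Login failed';
}
```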
The mechanism of using the POST method is the same as that for the GET method. You only have to change the name of the method to be used (i.e., replace GET with POST) and your code will work without requiring any additional modifications. This, however, holds only if the data were passed through global variables and not read from the $HTTP_GET_VARS array (the POST method uses a different array). The earlier example demonstrating passing parameters using the GET method can be changed to use the POST method as follows:
<form action="param.php" method="post">
User Name: <input name="UserName">
<input type="hidden" name="Password" value="qwerty">
</form>
Other than replacing GET with POST, no other changes are necessary.
When the POST method is used, all parameters are also included in the request body in the parameter_name=parameter_value format. Additionally, the variable's names and their values are placed into the $HTTP_POST_VARS array, or $_POST for short.
I want to introduce you to a new software product for WEB developers, Security specialists and SEO professionals: CyD Web Development Tools. It is a new product and you can test the beta version at this moment. The product will consist of modules for WEB developers and SEO professionals. Some of the modules will be available as part of CyD Network Utilities - Security tools.
At this time the product consists of only one module - search for WEB site vulnerabilities. The program needs improvements, but you can try the module absolutely free of charge with no limits. Tell me if you have any suggestions for the program or if you find an error. Some commands do not work in the program. I'm going to implement the full set of features as soon as possible.

When the GET method is used, all the parameters that are passed to the script are placed into global variables. In addition, they are also placed into the $HTTP_GET_VARS array, or $_GET for short. But there is more: the parameters are also displayed in the browser's URL field. Thus, when the above example code passing the name and password parameters is executed, the URL will change to this: http://192.168.77.1/param.php?UserName=Flenov&Password=qwerty. That is, the original URL is appended with a question mark followed by the parameters passed in the parameter_name=parameter_value format and delimited by the ampersand (&).
How safe do you think this method is? Good thinking! Any of the parameters can be easily changed manually without even changing the form's source code. When developing scripts you should make it as hard as possible for hackers to manipulate parameters. For example, do not use the GET method to transmit passwords, because it can be easily intercepted.
Another problem with this method is its openness. Consider the password example again. When a user enters a password via this method, the password will be displayed in the browser's URL field. Anyone passing by at this time can see this password in there.
Static web pages are a rarity nowadays. Practically any more or less big web site asks for some data from the users. The data supplied by the users are passed as parameters to the specified script using HTML forms. The following example shows how to create a form for entering a user name:
<form action="param.php" method="get">
User Name: <input name="UserName">
</form>
The <form> tag takes the following two parameters:
All environmental variables passed to a script are placed by the interpreter into the $HTTP_ENV_VARS array. The format of this array is different on different computers. In Windows, environmental variables can be checked by executing the set command in the command line; in UNIX-like systems, environmental variables can be viewed by executing the env command.
You can find the following PHP environmental variables of use:
At certain configuration settings, PHP may not issue error messages. For production web sites, I recommend keeping this feature disabled. An extra message for a hacker is an extra hint towards a successful break-in. For example, a message informing of excessive parameters tells me that the script does not check the number of parameters passed to it, so it may not do other checks either, for example, whether the system function is called the right way. We will talk about the dangers inherent to this function repeatedly in this book.
A system used for application development must issue messages for any errors; otherwise, it is more likely than not that you will miss some potential errors, and will not be able to understand why the script code is not performing the way you intend it to.
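The two policies above (report everything while developing, expose nothing to the visitor in production) expressed as a script prologue, as an added example that is not from the original text. APP_ENV is an assumed environment variable, the log path is a placeholder, and the surplus-parameter check at the end is the case the text uses as its illustration.

```php
<?php
// Added example, not from the original text. Error-reporting policy:
// collect every error everywhere, show it only on development systems.
// APP_ENV is an assumed environment variable; the log path is a placeholder.

$production = getenv('APP_ENV') === 'production';

// E_ALL on both kinds of system: a notice you never see is a bug you never fix.
error_reporting(E_ALL);

// Development: messages go to the browser so nothing is missed.
// Production: messages stay out of the response and go to a log instead.
ini_set('display_errors', $production ? '1' === '0' ? '1' : '0' : '1');
ini_set('log_errors', '1');
ini_set('error_log', '/path/to/php-errors.log'); // placeholder path

if ($production) {
    // Keep full detail for the administrator, give the visitor a neutral answer.
    set_error_handler(function ($errno, $errstr, $errfile, $errline) {
        error_log("[$errno] $errstr in $errfile:$errline");
        if ($errno === E_USER_ERROR) {
            http_response_code(500);
            exit('An internal error occurred.');
        }
        return true; // handled: PHP prints nothing itself
    });
}

// The text's example: a request with parameters the script did not expect.
// The fact is recorded, but the visitor is not told which check noticed it.
$expected = ['UserName', 'Password'];
$extra    = array_diff(array_keys($_GET), $expected);
if ($extra) {
    trigger_error('Unexpected parameters: ' . implode(',', $extra), E_USER_NOTICE);
}
```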
The error reporting feature is enabled by setting the error_reporting parameter in the php.ini file to E_ALL. Error messages may be issued when numerical data is compared with string data. For example, adding an error_reporting(E_ALL) call at the beginning of the script in which we considered the print_max() function (see Section 2.8) will produce the following error when a number and a string are compared:
An array is a list of values that can be referenced with a single variable. This is achieved by using an index to reference individual array elements. Either a number or a word can be an index. Numeric indices start with zero.
Arrays are named in exactly the same way as variables, but with square brackets after the array name. In the following example, the words "cake," "bread," and "carrot" are added to an array.
$goods[] = "cake";
$goods[] = "bread";
$goods[] = "carrot";
A particular array element is referenced by specifying its index in square brackets. For example, the following code displays the contents of the zero element, which is "cake":
Voting systems on different sites are constantly developing, and programmers are trying to devise protection against visitors jacking up the voting counters. Suppose that you have decided to take part in a poll conducted by some site and want your preferred answer to prevail. How can this be done? There are many ways. The one to employ depends on the program used to conduct the polling.
Let's consider one vote-boosting method, using the www.download.com site as an example. Here, visitors can vote for their favorite programs. When you see that your favorite program is way down in the ratings, you naturally want to lift it up and help the developers.
In order to know how to pad the votes, you must know how they are counted. The simplest methods use cookie files. These are files in which web servers save any information useful to them. Each web site has its own file, which only it can read. No site can read cookies created by other sites' servers. When you cast your vote for some cause or issue, the server saves the information about your vote in a cookie file. Let's consider the steps performed when registering votes:
When I was beginning to learn programming in Pascal, for a long time I could not fathom what functions were needed for. All my programs had a flat structure without branching of any kind. But once I ran into a problem: I had to write a program whose code looked like the following.
print("Select one of the actions<BR>");
print("===========================<BR>");
print("Search <BR>");
print("===========================<BR>");
print("===========================<BR>");
print("Print <BR>");
print("===========================<BR>");
print("===========================<BR>");
print("Exit <BR>");
print("===========================<BR>");