[Resolved] Newbie | URL Hide | Help

curioadmin

I noticed a major security problem with all my websites, the way I use the navigation. I always call another page by

main_page.php?file=sub_folder/another_page.php

I realised that a person can run any script from their own site into my sites like this

[url]http://www.my_page.com/index.php?file=http://www.hacker_site.com/some_script.php[/url]

I have large number of pages like this. One solution is introducing Frames into the site, but then, there are other issues like, one can not bookmark, resource intensive etc.

Can anybody help me out with some script / or some idea, so that I can hide the URL..?

Thanks in advance

Rajkumar

jayant

if you directly use $_GET['file'] variable, there could be a lot of problems like u mentioned. a person can read sensitive files as well.

solution

$file = $_GET['file'];

make sure its not an external file

=> first 7 characters should not be 'http://'
there should not be any '..' in it either. remove all multiple continous dots or else a sensitive file can be acessed via :
main.php?file=dir1/../../../some/sensitive/file.txt

many more serious issues as well. read the docs, it covers a lot of things

Weedpacket

Rather than try to guess every possible attack, keep a list (or generate one from, e.g., a directory listing) of files that users are allowed to request, and only honour requests for allowed files.

curioadmin

Dear Jayanth Kumar

Still, I didn't understand this...

In the index.php, I use the following script for invoking files

<? if (isset($file))
{include("$file");}
else {include("body/home.php");} ?>

And I use the navigation like this for different links.

<a href="<?php print"index.php?file=body/file1.php";?>">Click Here</a>
<a href="<?php print"index.php?file=body/file2.php";?>">Click Here</a>

Now in the address bar it appears like this for each navigation,

index.php?file=body/file1.php
index.php?file=body/file2.php

And the hacker runs script from his site like this

index.php?file=http://somesite.com/hack.php

Now how do I solve this problem.

Thanks

Rajkumar

jayant

<a href="<?php print"index.php?file=1";?>">Click Here</a>
<a href="<?php print"index.php?file=2";?>">Click Here</a>

<?php
        switch($_GET['file']) {
                case '1': $incfile = "body/file1.php"; break;
                case '2': $incfile = "body/file2.php"; break;
                default: $incfile = "body/main.php"; break;
        }
        include($incfile);
?>

curioadmin

Dear Jayanth Kumar,

That was a great help. It worked perfectly. Additionally, I have little modified the script. I just invoked as a separate file to have more security.

index.php

<? require "admin/index_nav.php" ?>

index_nav.php

<? switch ($_GET['url']) { 
   default: $incfile  = "body/file1.php"; break; 
   case '1': $incfile = "body/file2.php"; break; 
   case '2': $incfile = "body/file3.php"; break;   

   } 
   include($incfile); 
   ?>

Navigation

<a href="<? print"index.php?url=1"; ?>">Click Here</a>

Thanks a lot

Rajkumar