|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 46
Members: 0
Total: 46
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Repert code PHP |
|
Posted: Tue Jan 01, 2008 8:13 am |
|
|
nox |
Advanced user |
|
|
Joined: Dec 29, 2007 |
Posts: 100 |
Location: c://windows/system32 |
|
|
|
|
|
|
Hello , can you help me for repert this code and secure it, it is in my website , and my website get hacked , i need to secure it PLZ !!!
Code: | <?page = $_GET["page"];
if ( !$page ) $page='home';
require $page.'.html';
?> |
THanks ALL [/code] |
|
|
|
|
|
|
|
|
Posted: Tue Jan 01, 2008 8:59 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
Best choice is predefined list of allowed pages:
Code: |
$page = empty($_GET['page']) ? 'home' : $_GET['page'];
$allowed = array('home', 'page2', 'page3');
if( in_array($page, $allowed) )
{
require($page . '.html');
}
else
{
die('Hacking attempt?');
}
|
And if you have lot's of pages and don't want to list them all, then you must sanitize incoming page name carefully:
Code: |
$page = empty($_GET['page']) ? 'home' : $_GET['page'];
if(preg_match('/[^a-zA-Z0-9-_]/', $page))
{
die('Hacking attempt?');
}
$page = "$page.html";
if(!is_file($page))
{
die('Page not found!');
}
require($page);
|
Let me know, if you have questions |
|
|
|
|
Posted: Wed Jan 02, 2008 1:34 pm |
|
|
nox |
Advanced user |
|
|
Joined: Dec 29, 2007 |
Posts: 100 |
Location: c://windows/system32 |
|
|
|
|
|
|
No questions , Thankx Waraxe ... |
|
|
|
|
www.waraxe.us Forum Index -> PHP script decode requests
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|