Using Register Globals in PHP

register_globals is used whether or not to register the EGPCS (Environment, GET, POST, Cookie, Server) variables as global variables in php.
When on, register_globals will inject your scripts with all sorts of variables, you  really don’t know for sure where they come from and can only assume. Internal variables that are defined in the script itself get mixed up with request data sent by users.
example of misuse of register_globals:
<?php
// define $authorized = true only if user is authenticated

if (authenticated_user()) {

$authorized = true;

}
// Because we didn't first initialize $authorized as false, this might be

// defined through register_globals, like from GET auth.php?authorized=1

// So, anyone can be seen as authenticated!

if ($authorized) {

include "/highly/sensitive/data.php";

}

?>
When register_globals = on, our logic above may be compromised. When off, $authorized can’t be set via request. it is generally a good programming practice to initialize variables first. For example,  $authorized = false.
Please note that register_globals cannot be set at runtime (ini_set()). Although, you can use .htaccess if your host allows it as described above.
An example .htaccess entry: php_flag register_globals off.

Comments

Post a Comment

Popular posts from this blog

How to call php functions inside smarty template directly

we can use {insert} tag for calling php functions inside smarty templates directly to display the output of the php function. it is similar to {include} tag except that {insert} tags are NOT cached when template caching is enabled. They will be executed on every invocation of the template. Remember all {insert} function names in your application must be prepended with “insert_” to remedy possible function name-space conflicts.so simply if your function is named as insert_getBanner, then call it inside {insert} tag as {insert name=”getBanner”} {* example of fetching a banner with agruments*} {insert name=”getBanner” lid=#banner_location_id# sid=#site_id#} Here we call a php function named as insert_getBanner with arguments lid and site_id so the php function must as like function insert_getBanner( $lid, $site_id) { ….. } we can use assign and script attributes to assign the output of insert tag to a variable and including a php script. more details can be found on http
Read more

Top 50 Web Hacking Techniques

This post will serve to collect new attack techniques as they are published. If you think something should be added, please comment below and I'll add them. "Every year the Web security community produces a stunning amount of new hacking techniques published in various white papers, blog posts, magazine articles, mailing list emails, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and so on. Beyond individual vulnerability instances with CVE numbers or system compromises, we're talking about actual new and creative methods of Web-based attack. The Top Ten Web Hacking Techniques list encourages information sharing, provides a centralized knowledge-base, and recognizes researchers who contribute excellent work." Current 2011 List Bypassing Flash’s local-with-filesystem Sandbox Abusing HTTP Status Codes to Expose Private Information SpyTunes: Find out what iTunes music someone else has CSRF: Fla
Read more

PHP / SQL Security – The Big Picture

Web Security Whether your site is the web presence for a large multinational, a gallery showing your product range and inviting potential customers to come into the shop, or a personal site exhibiting your holiday photos, web security matters. After the hard work put in to make your site look good and respond to your users, the last thing you want is for a malicious hacker to come along, perform a PHP hack and break it somehow. There are a number of problems in web security, and unfortunately not all of them have definite solutions, but here we'll look at some of the problems that should be considered every time you set out to write a PHP script to avoid a PHP hack attack. These are the problems which, with well-designed code, can be eliminated entirely. Before looking in detail at the solutions, though, lets take a moment to define the problems themselves. SQL Injection In this attack, a user is able to execute SQL queries in your website's database. This attack is u
Read more