sitesitesite wrote in php

Find the hack?

Hi,

I've written a script that works like a guestbook that saves in flatfile. One problem. Apparently it has a security issue thus making it hackable. I can't for the life of me figure out why.

Anyway, I've been looking over at PHP.net and at ONLamp.com to read up on security along with consulting the grand total of three books I have on the matter of PHP, but so far unfruitful. I feel very, very stupid. My only excuse is that this script is very, very long and has been a work in progress for 2 years or so it's kinda made me blind.

If anyone would offer to take a look at it and help me out, I'd appreciate it. Or even point me to some really good security references for PHP.

I won't include the entire script here, but rather a bit of it that reveals where I think the weakness might lie.



Let's see, it's a one file does all kind of script where you have the form on top and the entries below. The form's action is set to action="file.php?action=sign" and the url to retrieve the entries and the blank form is file.php?action=view


Now abbreviated script.

if ($action == "sign") {
    /* Processes the form and uses fopen and fwrite to store the information in the flatfile along with mail() to forward the entry to mail */
}
else if ($action == "view") {
    /* retrieves the file content of the storage file as well as the counter file to limit the number of entries displayed on page */
}
else {
    /* Now here I've pondered that the problem lies... It's just set with an echo meta refresh of the entire file. Don't ask me why I did it like this... sloppy coding, I do not know. */
}


Anyone able to help and I'd be very, very grateful.
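
An added example, not the poster's code and not a diagnosis of the script, which the post shows only in outline: a hardened skeleton of the same sign/view dispatch, covering the points where visitor input reaches the flat file, mail() and the page. The storage file name, the form field names and the recipient address are assumptions.

```php
<?php
// Added example. Assumed names (not from the post): entries.txt,
// form fields name/email/message, recipient owner@example.org.
const STORE = __DIR__ . '/entries.txt';
const MAX_SHOWN = 20;

function clean_line(string $s, int $max): string {
    // Replace CR/LF and other control characters so one field cannot span
    // several lines of the flat file or add lines to the outgoing mail.
    $s = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $s);
    return trim(substr($s, 0, $max));
}

function sign(array $post): bool {
    $name = clean_line($post['name'] ?? '', 80);
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $message = clean_line($post['message'] ?? '', 2000);
    if ($name === '' || $email === false || $message === '') {
        return false;
    }
    // One JSON object per line; LOCK_EX keeps concurrent writes from interleaving.
    $record = json_encode(
        ['name' => $name, 'email' => $email, 'message' => $message, 'time' => time()],
        JSON_INVALID_UTF8_SUBSTITUTE
    );
    file_put_contents(STORE, $record . "\n", FILE_APPEND | LOCK_EX);
    // Fixed recipient and subject, no extra headers: visitor input goes only in the body.
    mail('owner@example.org', 'New guestbook entry', "$name <$email>\n\n$message");
    return true;
}

function view(): void {
    $lines = is_file(STORE) ? file(STORE, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) : [];
    foreach (array_slice(array_reverse($lines), 0, MAX_SHOWN) as $line) {
        $e = json_decode($line, true);
        if (!is_array($e)) continue;
        // Escape on output so stored text is displayed, never interpreted as HTML.
        printf("<p><b>%s</b>: %s</p>\n",
            htmlspecialchars($e['name'] ?? '', ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($e['message'] ?? '', ENT_QUOTES, 'UTF-8'));
    }
}

// Read the action explicitly from the query string and compare it to fixed values.
$action = $_GET['action'] ?? 'view';
if ($action === 'sign' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    sign($_POST);
    header('Location: file.php?action=view');
    exit;
}
view();
```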