Everything posted by metallicrazy

  1. Yeah, I am going to need to review what limitations I want to put on inputs. I do appreciate the feedback; it is giving me a lot to think about. I'll allow the underscore but need to ensure I'm restricting all common dangerous functions that contain them. It is important that I find a solution to the concat work-around though, as that is a major loophole. If I were to cut back on restrictions, what would the main ones that should stay be?
  2. Is there a solution? Perhaps removing quotes, dots and white space before running the check?
  3. Thank you for the response. I have compiled a comprehensive list of functions that I could think of, some of which may need to be removed, but I figured I'd plug the hole and then only open passages where necessary. The function is to test the user input from a text area inside a web app for the banned words. You are correct, the application is intended to demonstrate the basic functionality of PHP and not advanced functionality. I have never been taught during my time at uni how to modify a php.ini file. Can you link me to a tutorial?
  4. I am trying to create a comprehensive PHP e-learning environment for my honours project that will have a "try it yourself" editor (limited, of course). If you want to help me build the security and be part of my testing focus group, please see my forum page. http://w3schools.inv...l=&fromsearch=1
  5. I am currently creating an e-learning application for my honours project (this will not go live or be distributed for profit) that teaches PHP to brand new users; however, there will obviously be experienced users using the application as well, and they will try to attack it or bring it down. My code to process the user input for malicious code strings before it is run through an eval() is below. If any of the banned words are found it returns false and the user input never gets near an eval() function. If no banned words are found then it returns true and the input (PHP code) is run through an eval() and the results are checked to see if the user input had the desired effect (e.g. change the value of a local variable inside a function). Any major security issues that anyone can see, or advice on making my application more secure, is greatly appreciated. P.S. Any feedback used in the application will be 100% referenced to avoid accusations of plagiarism.

     function checkPHP($input) {
         // Array of denied words. stristr() does a case-insensitive substring
         // match, so each entry also blocks any longer name that contains it.
         $deniedWords = array(
             // PHP tags
             '<?', '?>', '?', 'PHP', 'script',
             // Session variables
             '$_SESSION', '$_GET', '$_POST', '$_GLOBALS', '$HTTP_POST_VARS', 'GLOBAL', 'SESSION',
             'SERVER', 'GET', 'POST', 'COOKIE', 'REQUEST', 'FILE',
             // Escape chars on session variables
             '$_', "'_'", "'\$'", "'\_'", '\$', '\_', "$'", "'$", "_'", "'_", '\\', '/', '_',
             // Commands that parse code as PHP
             'INCLUDE', 'REQUIRE', 'EVAL',
             // Shell commands
             'SYSTEM', 'EXEC', '`', 'SHELL', 'passthru', 'popen', 'DROP',
             // PHP core functions
             'magic_quotes', 'base64_decode', 'scandir', 'file_', 'unlink', 'get_defined_functions',
             'get_defined_vars', 'get_defined_constants', 'get_loaded_extensions', 'assert_options',
             'assert', 'dl', 'extension_loaded', 'gc_collect_cycles', 'gc_disable', 'gc_enable',
             'gc_enabled', 'get_cfg_var', 'get_current_user', 'get_extension_funcs',
             'get_include_path', 'get_included_files', 'get_magic_quotes_gpc',
             'get_magic_quotes_runtime', 'get_required_files', 'getenv', 'getlastmod', 'getmygid',
             'getmyinode', 'getmypid', 'getmyuid', 'getopt', 'getrusage', 'ini_alter', 'ini_get_all',
             'ini_get', 'ini_restore', 'ini_set', 'magic_quotes_runtime', 'main',
             'memory_get_peak_usage', 'memory_get_usage', 'php_ini_loaded_file',
             'php_ini_scanned_files', 'php_logo_guid', 'php_sapi_name', 'php_uname', 'phpcredits',
             'phpinfo', 'phpversion', 'putenv', 'restore_include_path', 'set_magic_quotes_runtime',
             'set_time_limit', 'sys_get_temp_dir', 'version_compare', 'zend_logo_guid',
             'zend_thread_id', 'zend_version', 'REFLECTION', 'apc_', 'apd_', 'error', 'debug_',
             'restore_', 'trigger_', 'override_', 'rename_', 'inclued', 'flush', 'ob_', 'output_',
             'overload', 'runkit_', 'wincache_', 'xhprof_', 'rewrite', 'file_exists', 'fopen',
             'fwrite', 'fclose', 'ctype_alnum', 'realpath', 'is_file', 'chdir', 'mail', 'preg'
         );

         // Collect one message for every denied word present in the input.
         // htmlspecialchars() keeps entries such as '<?' from being rendered as HTML.
         $found = "";
         foreach ($deniedWords as $word) {
             if (stristr($input, $word) !== false) {
                 $found .= "Do not use <span class=\"bold\">" . htmlspecialchars($word) . "</span> in your script. <br />";
             }
         }

         if ($found) {
             echo "For security reasons, some keywords and characters have been banned for use within user input. "
                . "Currently your code contains banned words and will NOT be executed until these are removed: <br />"
                . $found;
             return false;
         }
         return true;
     }
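An added example for the checkPHP() denylist in post 5 and the "concat work-around" mentioned in post 1. This is not metallicrazy's code or anything from the thread: it is an allowlist over PHP tokens (via token_get_all()) rather than a denylist of substrings, so anything the list does not name is rejected by default. The function and constant names (checkPhpTokens, ALLOWED_FUNCTIONS, ALLOWED_TOKENS, ALLOWED_CHARS, BANNED_VARIABLES) and the sample inputs are my own constructions.

```php
<?php
// Added example, not metallicrazy's code: a token allowlist for the eval()
// sandbox described in the thread. The function and constant names here are
// hypothetical. Needs the tokenizer extension (on by default).

// Built-in functions a lesson may call. Never add functions that accept
// callables (array_map, usort, call_user_func, preg_replace_callback, ...):
// a string argument such as 'system' would turn into a call.
const ALLOWED_FUNCTIONS = ['strlen', 'strtoupper', 'strtolower', 'str_repeat',
                           'count', 'round', 'abs', 'max', 'min'];

// Token kinds a lesson may contain. Everything else (include/require, `::`,
// `->`, new, heredocs, "${...}" interpolation, ?>) is rejected by omission.
const ALLOWED_TOKENS = [T_OPEN_TAG, T_WHITESPACE, T_COMMENT, T_VARIABLE,
    T_LNUMBER, T_DNUMBER, T_CONSTANT_ENCAPSED_STRING, T_ECHO, T_IF, T_ELSEIF,
    T_ELSE, T_WHILE, T_FOR, T_FUNCTION, T_RETURN, T_IS_EQUAL, T_IS_NOT_EQUAL,
    T_IS_IDENTICAL, T_IS_NOT_IDENTICAL, T_IS_SMALLER_OR_EQUAL,
    T_IS_GREATER_OR_EQUAL, T_BOOLEAN_AND, T_BOOLEAN_OR, T_INC, T_DEC,
    T_PLUS_EQUAL, T_MINUS_EQUAL, T_CONCAT_EQUAL];
const ALLOWED_CHARS = ['=', '+', '-', '*', '/', '%', '.', ';', ',', '(', ')',
                       '{', '}', '[', ']', '<', '>', '!'];
// Superglobals reach the host application's state; $$ (variable variables)
// and backticks are already excluded by the two lists above.
const BANNED_VARIABLES = ['$GLOBALS', '$_SERVER', '$_GET', '$_POST', '$_FILES',
                          '$_COOKIE', '$_SESSION', '$_REQUEST', '$_ENV', '$this'];

/**
 * Returns null when $code (the learner's input, without a <?php tag) uses only
 * allowed tokens, otherwise a message saying what was rejected.
 */
function checkPhpTokens(string $code): ?string
{
    $declared = [];   // functions the learner defined in this snippet
    $prev     = null; // previous token that is not whitespace or a comment

    foreach (token_get_all('<?php ' . $code) as $tok) {
        if (is_array($tok)) {
            [$id, $text, $line] = $tok;
            if ($id === T_VARIABLE && in_array($text, BANNED_VARIABLES, true)) {
                return "Line $line: $text is not allowed";
            }
            if ($id === T_STRING) {
                $name = strtolower($text);
                if (is_array($prev) && $prev[0] === T_FUNCTION) {
                    // function NAME(...) { ... } is a declaration
                    if (function_exists($name)) {
                        return "Line $line: cannot redeclare built-in '$text'";
                    }
                    $declared[$name] = true;
                } elseif (!in_array($name, ALLOWED_FUNCTIONS, true)
                          && !isset($declared[$name])
                          && !in_array($name, ['true', 'false', 'null'], true)) {
                    return "Line $line: '$text' is not an allowed function or constant";
                }
            } elseif (!in_array($id, ALLOWED_TOKENS, true)) {
                return "Line $line: " . token_name($id) . " ('$text') is not allowed";
            }
        } else {
            if (!in_array($tok, ALLOWED_CHARS, true)) {
                return "Character '$tok' is not allowed";
            }
            // $f('id') is a variable function call: the callee's name exists
            // only at run time, so no static word list can vet it.
            if ($tok === '(' && is_array($prev) && $prev[0] === T_VARIABLE) {
                return "Calling a function through a variable ($prev[1]) is not allowed";
            }
        }
        if (!is_array($tok) || ($tok[0] !== T_WHITESPACE && $tok[0] !== T_COMMENT)) {
            $prev = $tok;
        }
    }
    return null;
}

// Constructed inputs: one legitimate lesson and three escape attempts, the
// second being the concatenation work-around that the substring denylist
// in checkPHP() does not match.
$samples = [
    'function twice($n) { return $n * 2; } echo twice(21);',
    "\$f = 'sys' . 'tem'; \$f('id');",
    'echo `id`;',
    'echo file_get_contents("/etc/hostname");',
];
foreach ($samples as $code) {
    $verdict = checkPhpTokens($code);
    echo ($verdict === null ? 'ALLOWED  ' : 'REJECTED ') . $code . "\n";
    if ($verdict !== null) {
        echo "         reason: $verdict\n";
    }
}
```

The allowlist only limits what a snippet can name, not what it can do with CPU or memory (`while (true) {}` or `str_repeat('a', 999999999)` pass it), so the eval() itself still belongs in a separate worker process with `max_execution_time`, `memory_limit` and `disable_functions` set in that worker's php.ini, never in the same process as the application and its session data.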