PHP Security


driz


Hi just got told this:

A malicious user might append ";ls -la" to that value and thereby see a listing of your Website's html directory. An extremely malicious user could append ";rm -rf *" to the value and delete your entire Website!
The person was referring to a simple I/O guestbook I had built. What exactly does he mean? How does one add those values, and what do they do? I tried typing one of them into my input box and submitting the form, and all was well. So what is the problem? :/

Well, he claims any input field is at risk. For instance, he claims using the code above will allow you to delete all the files for a website. What does that mean exactly? Type ;rm -rf * and then submit, and it's deleted?


rm is the Linux command to delete a file. It's not true to say that any input field is at risk. It matters what you do with the data in PHP. If you're using user input data in a shell or system command, as a parameter to open a file, in a database query, etc., then there might be an issue if you're not sanitizing the data before using it. If you're not using the user input for things like that, then it shouldn't be a problem. The basic principle is to not allow user data into commands unless you sanitize first. User data that isn't part of a command isn't going to be a problem to anything; it's just data.

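To make the reply above concrete, here is an added example (not code posted in this thread) of the pattern it describes: a guestbook handler that pastes the submitted name into a shell command, next to two hardened versions. The form field name, the guestbook file and the submitted value are assumptions; the ";ls -la" payload is the one quoted in the first post.

```php
<?php
// Added example, not code from the original thread. The form field, the
// guestbook file name and the submitted value below are assumptions.

// Constructed stand-in for $_POST['name'] on the guestbook form.
$submitted = 'driz; ls -la';

// Vulnerable pattern: the raw value is spliced into a shell command line.
// With the payload above the shell sees two commands, "echo driz" and
// "ls -la >> guestbook.txt". Only the string is built here; it is not run.
function build_command_unsafe(string $name): string {
    return "echo $name >> guestbook.txt";
}

// Hardening step 1: escapeshellarg() wraps the value in single quotes and
// escapes embedded quotes, so ";", "*" and "|" are literal characters to
// the shell rather than command separators or globs.
function build_command_safe(string $name): string {
    return 'echo ' . escapeshellarg($name) . ' >> guestbook.txt';
}

// Hardening step 2 (preferred): keep the shell out of it entirely. Validate
// the field against an allow-list and append with file_put_contents().
function save_entry(string $name, string $file): bool {
    if (!preg_match('/^[A-Za-z0-9 ._-]{1,40}$/', $name)) {
        return false;                        // reject, do not try to "clean"
    }
    $line = date('c') . ' ' . $name . PHP_EOL;
    return file_put_contents($file, $line, FILE_APPEND | LOCK_EX) !== false;
}

$guestbook = sys_get_temp_dir() . '/guestbook.txt';

echo "shell sees (unsafe):  " . build_command_unsafe($submitted) . PHP_EOL;
echo "shell sees (escaped): " . build_command_safe($submitted) . PHP_EOL;
var_dump(save_entry($submitted, $guestbook));   // payload is rejected
var_dump(save_entry('driz', $guestbook));       // ordinary name is stored
```

Run it from the command line and compare the two printed command strings: the unsafe one contains a bare ";" that the shell would treat as a command separator, the escaped one is a single quoted argument. The injected value only matters when the script hands it to system(), exec() or a similar call; saving it with file_put_contents() never involves a shell.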

Would you be able to show an example script, so I can see how it works? Like a simple input form with some PHP code that would allow someone to exploit it by typing ls -la and list all the files in that directory. Thanks.
