
Php Security


driz

Hi just got told this:

A malicious user might append ";ls -la" to that value and thereby see a listing of your Website's html directory. An extremely malicious user could append ";rm -rf *" to the value and delete your entire Website!
The person was referring to a simple I/O guestbook I had built. What exactly does he mean? How does one add those values, and what do they do? I tried typing one of them into my input box and submitting the form, and all was well? So what is the problem? :/

rm is the Linux command to delete a file. It's not true to say that any input field is at risk. It matters what you do with the data in PHP. If you're using user input data in a shell or system command, as a parameter to open a file, in a database query, etc., then there might be an issue if you're not sanitizing the data before using it. If you're not using the user input for things like that, then it shouldn't be a problem. The basic principle is to not allow user data into commands unless you sanitize first. User data that isn't part of a command isn't going to be a problem to anything; it's just data.

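To make the answer above concrete, here is an added PHP example (not code from the original thread or from driz's guestbook). It assumes a guestbook that appends "name: message" lines to a text file called guestbook.txt, which is the only design under which the ";ls -la" warning in the question would apply. It shows the pattern that makes the warning true (user input concatenated into a shell command), the minimal fix if a shell command is unavoidable (escapeshellarg), and the better fix of never involving a shell at all. The function names and the sample input are constructed for this example.

```php
<?php
// Added example, not from the original thread. Illustrates when guestbook
// input is "just data" and when it becomes part of a command.

declare(strict_types=1);

// Constructed sample input of the kind the question describes: a name with a
// shell command separator appended to it.
$name    = "driz; ls -la";
$message = "hello";

// 1. VULNERABLE pattern (assumed guestbook design). The raw name is pasted
//    into a shell command line, so the shell treats ';' as the end of one
//    command and the start of another. Built as a string only, never executed
//    here; passing this to exec()/system()/shell_exec() is the bug.
function buildUnsafeCommand(string $name, string $message): string
{
    return "echo " . $name . ": " . $message . " >> guestbook.txt";
}

// 2. If a shell command really is unavoidable, escapeshellarg() wraps the
//    value in single quotes and escapes any embedded quote, so the shell sees
//    the whole entry as one literal argument and ';' is just a character.
//    (Quoting rules differ on Windows; this is the POSIX behaviour.)
function buildEscapedCommand(string $name, string $message): string
{
    $entry = $name . ": " . $message;
    return "printf '%s\\n' " . escapeshellarg($entry) . " >> guestbook.txt";
}

// 3. Preferred: no shell at all. PHP's own file functions write the bytes
//    directly, so nothing ever interprets the input as a command. Newlines
//    are stripped so one submission cannot forge several guestbook lines.
function appendGuestbookEntry(string $file, string $name, string $message): bool
{
    $clean = static fn(string $s): string => str_replace(["\r", "\n"], ' ', $s);
    $entry = $clean($name) . ": " . $clean($message) . "\n";
    return file_put_contents($file, $entry, FILE_APPEND | LOCK_EX) !== false;
}

// 4. Data is "just data" until it reaches another interpreter. When the
//    entries are shown in a page, the browser is that interpreter, so escape
//    for HTML on output (a separate issue from the shell one, same principle).
function renderEntry(string $line): string
{
    return '<li>' . htmlspecialchars($line, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</li>';
}

// Compare the two command strings: in the first the shell would run 'ls -la'
// as a second command; in the second the same text is inside quotes.
echo buildUnsafeCommand($name, $message), "\n";
echo buildEscapedCommand($name, $message), "\n";

// Use the shell-free version on a temporary file and render what was stored.
$tmp = tempnam(sys_get_temp_dir(), 'gb');
appendGuestbookEntry($tmp, $name, $message);
foreach (file($tmp, FILE_IGNORE_NEW_LINES) as $line) {
    echo renderEntry($line), "\n";
}
unlink($tmp);
```

The same idea carries over to the other cases the answer lists: for a database query use prepared statements with bound parameters instead of string concatenation, and for file access validate the name against an allow-list rather than letting the user choose the path. In each case the input stays data because it never gets parsed as part of the command.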
