Comments on: Exploiting PHP SELF http://www.thespanner.co.uk/2008/01/14/exploiting-php-self/ A tool for designers dealing with programmers dealing with designers... Mon, 15 Mar 2010 06:31:21 +0000 http://wordpress.org/?v=2.6.2 By: Ruggie http://www.thespanner.co.uk/2008/01/14/exploiting-php-self/#comment-1559 Ruggie Sat, 23 May 2009 00:19:30 +0000 http://www.thespanner.co.uk/2008/01/14/exploiting-php-self/#comment-1559 Use SCRIPT_NAME instead of PHP_SELF Use SCRIPT_NAME instead of PHP_SELF

]]> By: dry_gin http://www.thespanner.co.uk/2008/01/14/exploiting-php-self/#comment-1555 dry_gin Thu, 14 May 2009 21:04:59 +0000 http://www.thespanner.co.uk/2008/01/14/exploiting-php-self/#comment-1555 I mean you could probably spam in emails a crafted link to legitimate web site, where at the end of file name it will send user cookies for example to some web-based email sender. so the link will look ok in spammer's email, and so users will probably click on it... ok, i guess it make sense to validate php_self after all... I mean you could probably spam in emails a crafted link to legitimate web site, where at the end of file name it will send user cookies for example to some web-based email sender.
so the link will look ok in spammer’s email, and so users will probably click on it…
ok, i guess it make sense to validate php_self after all…

]]> By: dry_gin http://www.thespanner.co.uk/2008/01/14/exploiting-php-self/#comment-1554 dry_gin Thu, 14 May 2009 20:54:03 +0000 http://www.thespanner.co.uk/2008/01/14/exploiting-php-self/#comment-1554 What kind of harm this could possibly (but realistically) do, except for displaying some modified html to the "hacker" HIMSELF (only) ? i mean i don't see a way to alternate php code itself or displaying some useful info like database structure or php source code using this exploit... please explain! What kind of harm this could possibly (but realistically) do, except for displaying some modified html to the “hacker” HIMSELF (only) ?
i mean i don’t see a way to alternate php code itself or displaying some useful info like database structure or php source code using this exploit…
please explain!

]]> By: Jszym http://www.thespanner.co.uk/2008/01/14/exploiting-php-self/#comment-1477 Jszym Wed, 11 Mar 2009 00:22:43 +0000 http://www.thespanner.co.uk/2008/01/14/exploiting-php-self/#comment-1477 @j squid, local/relative urls are fine and dandy however is not always a possible solutions. Certain senarios simply require a full path. Let's say for example that I want to redirect ppl to the former page so you need to pass the current page to the next. PHP_SELF is very useful. Just escape and validate properly and you'll be fine. @j squid, local/relative urls are fine and dandy however is not always a possible solutions. Certain senarios simply require a full path.

Let’s say for example that I want to redirect ppl to the former page so you need to pass the current page to the next. PHP_SELF is very useful. Just escape and validate properly and you’ll be fine.

]]> By: j squid http://www.thespanner.co.uk/2008/01/14/exploiting-php-self/#comment-1379 j squid Sun, 21 Dec 2008 06:51:36 +0000 http://www.thespanner.co.uk/2008/01/14/exploiting-php-self/#comment-1379 Um... have people never heard of local/relative urls???? saying <a href='<?php echo $_SERVER[PHP_SELF]?>/cow/lame.php'>link</a> is a retarded waste of time. try <a href='cow/lame.php' >link</a> or for a form action, action=''.... not 'action='<?php blah blah self?> it's such a waste of time. Um… have people never heard of local/relative urls????

saying <a href=’<?php echo $_SERVER[PHP_SELF]?>/cow/lame.php’>link</a> is a retarded waste of time.

try <a href=’cow/lame.php’ >link</a> or for a form action, action=”…. not ‘action=’<?php blah blah self?>
it’s such a waste of time.

]]> By: nuntius http://www.thespanner.co.uk/2008/01/14/exploiting-php-self/#comment-1291 nuntius Wed, 27 Aug 2008 14:23:46 +0000 http://www.thespanner.co.uk/2008/01/14/exploiting-php-self/#comment-1291 Bipin, Busby is wrong, apparently he doesn't understand what this page is about... this is how you do it. Note however, that as this page is describing, this can be exploited. <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <!-- My Form --> </form> Check out this page also: http://www.gfx-depot.com/forum/-php-server-php-self-validation-t-1636.html Bipin, Busby is wrong, apparently he doesn’t understand what this page is about… this is how you do it. Note however, that as this page is describing, this can be exploited.

<form method=”post” action=”<?php echo $_SERVER['PHP_SELF']; ?>”>
<!– My Form –>
</form>

Check out this page also:
http://www.gfx-depot.com/forum/-php-server-php-self-validation-t-1636.html

]]> By: Busby SEO Challenge http://www.thespanner.co.uk/2008/01/14/exploiting-php-self/#comment-1282 Busby SEO Challenge Tue, 12 Aug 2008 03:31:01 +0000 http://www.thespanner.co.uk/2008/01/14/exploiting-php-self/#comment-1282 If you want to past variable on the same page you need to pass it by using GET statement. If you want to past variable on the same page you need to pass it by using GET statement.

]]> By: bipin http://www.thespanner.co.uk/2008/01/14/exploiting-php-self/#comment-1240 bipin Tue, 27 May 2008 08:13:09 +0000 http://www.thespanner.co.uk/2008/01/14/exploiting-php-self/#comment-1240 <form method=POST action="<?php echo $PHP_SELF;'SelectedState=$SelectedState' ?>" > in the above line i am trying to pass a variables value onto the same page but its not working can anyone suggest me the syntax <form method=POST action=”<?php echo $PHP_SELF;’SelectedState=$SelectedState’ ?>” >

in the above line i am trying to pass a variables value onto the same page but its not working can anyone suggest me the syntax

]]> By: Diego http://www.thespanner.co.uk/2008/01/14/exploiting-php-self/#comment-1075 Diego Tue, 15 Jan 2008 05:53:08 +0000 http://www.thespanner.co.uk/2008/01/14/exploiting-php-self/#comment-1075 the test 1 fails on PHP 5.2.4 without any special extension, etc The error I get is "Warning: Header may not contain more than a single header, new line detected. in /var/www/htdocs/php_self.php on line 4" The other 3 tests do work as expected. the test 1 fails on PHP 5.2.4 without any special extension, etc
The error I get is “Warning: Header may not contain more than a single header, new line detected. in /var/www/htdocs/php_self.php on line 4″
The other 3 tests do work as expected.

]]> By: Guillaume Rossolini http://www.thespanner.co.uk/2008/01/14/exploiting-php-self/#comment-1074 Guillaume Rossolini Mon, 14 Jan 2008 23:55:37 +0000 http://www.thespanner.co.uk/2008/01/14/exploiting-php-self/#comment-1074 Hi, You might want to escape the variable in header() by calling either urlencode(), and that should be enough. Please remember that each output medium has its proper escaping mechanism. The injection there happens mostly because you don't escape the output. Regards, Hi,
You might want to escape the variable in header() by calling either urlencode(), and that should be enough. Please remember that each output medium has its proper escaping mechanism. The injection there happens mostly because you don’t escape the output.
Regards,

]]>