PHP & Security: 3 Example Exploits

(Page 3 out of 3)

A CSRF (Cross-Site Request Forgery) attack is a really unique and interesting attack, but very uncommon, probably because it's so hard to pull off as a hacker. A malicious website, run by the hacker, causes the user ("you") to load a URL (of a different website) in the background, which causes a change on the server. Because the URL is loaded in your browser, the request carries all the credentials you have. So if you were logged into the admin control panel of that website, and the URL pointed to a deleteall.php file, everything could be deleted.

Pretty much anything is possible using CSRF, and attackers could make your browser do anything using clever JavaScript. But it's extremely hard to get all the circumstances right, and it hardly ever happens. However, to see it in action, check demo 3. For this to work, you must use Google Search History and be logged into your account (see, even now it's already hard to pull off).

How do you protect against this exploit?
Protecting your scripts against CSRF attacks is extremely hard to do, and a really dedicated attacker will likely succeed anyway. But there are still steps you can take to make it harder.

First of all, make sure that any forms that change data (add/edit/delete) are POST only. GET requests should not be able to change anything.

Secondly, include a secret token with your forms, which also expires after a certain period of time. This will prevent almost any kind of CSRF attack, and is extremely difficult for an attacker to get around.
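The two steps above, as an added example in PHP that is not from the original article: a per-session secret token with an expiry, issued when the form is rendered and checked only on POST. The 15-minute lifetime, the session key and the hidden field name are assumptions.

```php
<?php
// Added example (not from the original article): per-session CSRF token
// that expires, checked on POST only. Assumes PHP sessions are enabled.

const CSRF_TOKEN_LIFETIME = 900; // seconds (15 minutes); assumed value

// Issue a fresh token and remember when it was created.
function csrf_issue_token(): string
{
    $token = bin2hex(random_bytes(32));
    $_SESSION['csrf'] = ['token' => $token, 'issued' => time()];
    return $token;
}

// Validate the submitted token: present, unexpired, and equal (constant-time).
function csrf_validate(?string $submitted): bool
{
    if (!isset($_SESSION['csrf']['token'], $_SESSION['csrf']['issued'])) {
        return false;
    }
    $stored = $_SESSION['csrf'];
    if (time() - $stored['issued'] > CSRF_TOKEN_LIFETIME) {
        unset($_SESSION['csrf']);           // expired: force a new form load
        return false;
    }
    if ($submitted === null || !hash_equals($stored['token'], $submitted)) {
        return false;
    }
    unset($_SESSION['csrf']);               // one-time use
    return true;
}

session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Step 1: state changes happen only on POST; step 2: the token must check out.
    if (!csrf_validate($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or expired form token. Please reload the form.');
    }
    // ... perform the delete/edit here (hypothetical) ...
    exit('Done.');
}

// GET: render the form with the hidden token; nothing is changed on GET.
$token = htmlspecialchars(csrf_issue_token(), ENT_QUOTES, 'UTF-8');
echo '<form method="post" action="">'
   . '<input type="hidden" name="csrf_token" value="' . $token . '">'
   . '<button type="submit">Delete</button></form>';
```

A forged request from another site cannot read the token out of the form, so it fails the check even though the browser still sends the session cookie.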

Finally, don't worry too much about CSRF attacks. Although they are out there, it's likely you won't ever have to deal with them, and even so, it's an easy fix. If you're interested, have a look at http://www.squarefree.com/securitytips/web-developers.html#CSRF for more information about CSRF attacks.

Conclusion

In this article I've given you three examples of exploits that can be used to abuse your PHP scripts. There are a lot more exploits, and I'm willing to bet there are more than 100 ways to attack a PHP script. Security isn't easy, but it is a necessity. That's why it should be your top priority.

I hope I've shown you something new about security in PHP, and that your contact forms and view source scripts are now secure!

One Response to “PHP & Security: 3 Example Exploits”

  1. timvw Says:

    I think you’re better off with http://www.php.net/realpath to find out if the base path is really what you want it to be..

    Anyway, a lot of articles on php and security can be found at http://www.phpsec.org :)

About the author
Dennis Pallett is the main contributor to PHPit. He owns several websites, including ASPit and Chill2Music. He is currently still studying.
Article Index
  1. Introduction
  2. Security Case #2 - View Source Scripts
  3. Security Case #3 - CSRF Attacks