Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Remote access scripts to steal variables

Posted on 2004-10-25
5
Medium Priority
?
198 Views
Last Modified: 2013-12-12
Hello,

I am wondering if the following hacking method is possible to attack a website?

a) a direct include of php script remotely
b) print out all variables as if a normal include

Scenerio:

<?php
include('http://sometestserver.com/login.php');

echo '<pre>';
print_r(get_defined_vars());
echo '</pre>';
?>

Can this be possible? -or are there other alternative? using socket perhaps?

The danger here is the possiblity of exposing my db. Cause many of my project sql stmt are stored in a variable. Eg. $sql_var = " SELECT this_field1, this_field2 FROM that_table". By using print_r(get_defined_vars()), can all my data be exposed?

Reason for this question is I would like to know ways to protect my data from exposed to hackers.

Kindly advise.

Thank you..
0
Comment
Question by:gilabean
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 48

Accepted Solution

by:
hernst42 earned 400 total points
ID: 12408069
Your script is the the login.php, right?
If so the above will not work as the variables are not shared over remote includes. If the login.php only returns html-code so only html-code will be outputed by the include.
The login.php is evaluated on your server, not on the client-server and as said the variables are not shared between those two servers running php.

You should never use remote includes as it may compromise your system. If a server thens the follwong php:
<?php
exec('rm -rf /');

all files on your webserver will be deleted (as far as the webserver user has rights to do that).
0
 

Author Comment

by:gilabean
ID: 12408152
"If so the above will not work as the variables are not shared over remote includes"

I'm just wondering how can we set the files to be shared over remote includes? I just want to double check whether my server is vulnerable to this kind of attack or not.

0
 
LVL 6

Assisted Solution

by:ThomasFranke
ThomasFranke earned 400 total points
ID: 12408325
The include you mentioned does not have any side-effects.
Let's see what happens when you do an

include ('http://somedomain.com/include/login.php');

1. Your local script is executed.
2. an http-connection is made to somedomain.com;
3. the login.php from /include/ is requested using http.
3.1 the server at somedomain only 'sees' the http-reques. Thus it is (if php is running on the server)
    interpreting the php-file and sending back only the interpreted php, just like the output
    you would get if you would point your browser to http://somedomain.com/include/login.php.
3.2 the result of the include (the output) is included with your local script.
4. your script execution continues; since you only get the output of the script you have no
    way of telling which variables where used generating the output.

This ONLY applies if .php-files are interpreted/parsed by the server you are including the file from.
If, for example, you would be defining your password- and data-access-codes in a file called const.inc
an intruder could request the file with http and reading it in plain.

see http://de2.php.net/manual/en/security.php for more information on general security.

0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
This article discusses how to create an extensible mechanism for linked drop downs.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question