• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 202
  • Last Modified:

Remote access scripts to steal variables


I am wondering if the following hacking method is possible to attack a website?

a) a direct include of php script remotely
b) print out all variables as if a normal include



echo '<pre>';
echo '</pre>';

Can this be possible? -or are there other alternative? using socket perhaps?

The danger here is the possiblity of exposing my db. Cause many of my project sql stmt are stored in a variable. Eg. $sql_var = " SELECT this_field1, this_field2 FROM that_table". By using print_r(get_defined_vars()), can all my data be exposed?

Reason for this question is I would like to know ways to protect my data from exposed to hackers.

Kindly advise.

Thank you..
2 Solutions
Your script is the the login.php, right?
If so the above will not work as the variables are not shared over remote includes. If the login.php only returns html-code so only html-code will be outputed by the include.
The login.php is evaluated on your server, not on the client-server and as said the variables are not shared between those two servers running php.

You should never use remote includes as it may compromise your system. If a server thens the follwong php:
exec('rm -rf /');

all files on your webserver will be deleted (as far as the webserver user has rights to do that).
gilabeanAuthor Commented:
"If so the above will not work as the variables are not shared over remote includes"

I'm just wondering how can we set the files to be shared over remote includes? I just want to double check whether my server is vulnerable to this kind of attack or not.

The include you mentioned does not have any side-effects.
Let's see what happens when you do an

include ('http://somedomain.com/include/login.php');

1. Your local script is executed.
2. an http-connection is made to somedomain.com;
3. the login.php from /include/ is requested using http.
3.1 the server at somedomain only 'sees' the http-reques. Thus it is (if php is running on the server)
    interpreting the php-file and sending back only the interpreted php, just like the output
    you would get if you would point your browser to http://somedomain.com/include/login.php.
3.2 the result of the include (the output) is included with your local script.
4. your script execution continues; since you only get the output of the script you have no
    way of telling which variables where used generating the output.

This ONLY applies if .php-files are interpreted/parsed by the server you are including the file from.
If, for example, you would be defining your password- and data-access-codes in a file called const.inc
an intruder could request the file with http and reading it in plain.

see http://de2.php.net/manual/en/security.php for more information on general security.


Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now