Solved

Remote access scripts to steal variables

Posted on 2004-10-25
Last Modified: 2013-12-12
Hello,

I am wondering if the following hacking method is possible to attack a website?

a) a direct include of php script remotely
b) print out all variables as if a normal include

Scenario:

<?php
include('http://sometestserver.com/login.php');

echo '<pre>';
print_r(get_defined_vars());
echo '</pre>';
?>

Can this be possible? Or are there other alternatives, using a socket perhaps?

The danger here is the possibility of exposing my db, because many of my project's SQL statements are stored in variables. E.g. $sql_var = " SELECT this_field1, this_field2 FROM that_table". By using print_r(get_defined_vars()), can all my data be exposed?

The reason for this question is that I would like to know ways to protect my data from being exposed to hackers.

Kindly advise.

Thank you..
0
Question by:gilabean
    3 Comments
     
    LVL 48

    Accepted Solution

    by:
    Your script is the login.php, right?
    If so, the above will not work, as the variables are not shared over remote includes. If the login.php only returns html-code, then only html-code will be output by the include.
    The login.php is evaluated on your server, not on the client-server, and as said the variables are not shared between those two servers running php.

    You should never use remote includes as it may compromise your system. If a server sends the following php:
    <?php
    exec('rm -rf /');

    all files on your webserver will be deleted (as far as the webserver user has rights to do that).
    0
     

    Author Comment

    by:gilabean
    "If so the above will not work as the variables are not shared over remote includes"

    I'm just wondering how can we set the files to be shared over remote includes? I just want to double check whether my server is vulnerable to this kind of attack or not.

    0
     
    LVL 6

    Assisted Solution

    by:ThomasFranke
    The include you mentioned does not have any side-effects.
    Let's see what happens when you do an

    include ('http://somedomain.com/include/login.php');

    1. Your local script is executed.
    2. an http-connection is made to somedomain.com;
    3. the login.php from /include/ is requested using http.
    3.1 the server at somedomain only 'sees' the http-request. Thus it is (if php is running on the server)
        interpreting the php-file and sending back only the interpreted php, just like the output
        you would get if you would point your browser to http://somedomain.com/include/login.php.
    3.2 the result of the include (the output) is included with your local script.
    4. your script execution continues; since you only get the output of the script you have no
        way of telling which variables were used generating the output.

    This ONLY applies if .php-files are interpreted/parsed by the server you are including the file from.
    If, for example, you would be defining your password- and data-access-codes in a file called const.inc
    an intruder could request the file with http and read it in plain.

    see http://de2.php.net/manual/en/security.php for more information on general security.

    0
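
One way to run the "is my server vulnerable" check asked about above, as an added example that is not part of the original thread: it reports whether PHP's URL wrappers are enabled for file functions and for include, lists include/require statements with a literal URL argument, and flags non-.php files under the docroot that contain PHP code. The script name, the docroot argument and the extension list are assumptions; whether a flagged file is really served as plain text depends on the web server's handler configuration.

```php
<?php
// Added example, not code from the thread. CLI usage: php audit_includes.php /path/to/docroot
// The CLI may load a different php.ini than the web server; compare with phpinfo() there.
function url_wrapper_settings(): array {
    $out = [];
    foreach (['allow_url_fopen', 'allow_url_include'] as $key) {
        // ini_get() returns strings such as "1", "", "0" or "Off" (false if unknown)
        $out[$key] = filter_var(ini_get($key), FILTER_VALIDATE_BOOLEAN);
    }
    return $out;
}

// Line numbers of include/require statements whose argument is a literal URL.
function remote_includes(string $source): array {
    $kinds = [T_INCLUDE, T_INCLUDE_ONCE, T_REQUIRE, T_REQUIRE_ONCE];
    $tokens = token_get_all($source);
    $hits = [];
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok) || !in_array($tok[0], $kinds, true)) continue;
        for ($j = $i + 1; isset($tokens[$j]); $j++) {
            $next = $tokens[$j];
            // skip whitespace and an optional "(" after the keyword
            if ($next === '(' || (is_array($next) && $next[0] === T_WHITESPACE)) continue;
            if (is_array($next) && $next[0] === T_CONSTANT_ENCAPSED_STRING
                && preg_match('#^[\'"](https?|ftp)://#i', $next[1])) {
                $hits[] = $tok[2];
            }
            break;
        }
    }
    return $hits;
}
foreach (url_wrapper_settings() as $key => $on) {
    printf("%-18s %s\n", $key, $on ? 'On' : 'Off');
}
$plainExt = ['inc', 'txt', 'bak', 'old'];  // assumed: extensions the web server does not parse
$files = new RecursiveIteratorIterator(
    new RecursiveDirectoryIterator($argv[1] ?? '.', FilesystemIterator::SKIP_DOTS));
foreach ($files as $file) {
    $src = $file->isFile() ? file_get_contents($file->getPathname()) : false;
    if ($src === false) continue;
    $ext = strtolower($file->getExtension());
    if ($ext === 'php') {
        foreach (remote_includes($src) as $line) {
            echo "REMOTE INCLUDE  {$file->getPathname()}:$line\n";
        }
    } elseif (in_array($ext, $plainExt, true) && strpos($src, '<?') !== false) {
        echo "SERVED AS TEXT? {$file->getPathname()} contains PHP code\n";
    }
}
```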
