Pinging the user requested host - is this code insecure?
Problem
", passthru("ping -n $times $e"),"";}
else {
echo "The URL or IP $e isn't valid ";
}
?>This code is pinging the user requested host. Is this code insecure because I am using the
passthru() function?I am using
explode to know if it's domain.com or just text and a regular expression to validate its not texttext.text. Is there way for the user to access my terminal with this?Solution
Your regular expression for detecting valid urls is very weak and you can slip a lot past it.
Though you have used escapeshellcmd() to protect yourself a bit from people trying to run alternative commands you have not protected yourself from people sending extra parameters to ping.
Two alternative attacks spring to mind:
- You can overload your servers by making them send lots of useless packets in the ping requests.
- You can use your servers as the host for an attack on somebody else.
An example of sending extra bytes with ping (I put your script in the file test.php on myhost, which is not its real name):

http://myhost.com/test.php?host=plop.com%20-s%20500

Generates:

ping -n 0 plop.com -s 500

Context
StackExchange Code Review Q#4974, answer score: 4
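A hardened version of the check, added here as an example and not code from the question or the answer: it validates the host with filter_var() and quotes it with escapeshellarg(), so the extra "-s 500" from the answer's URL cannot reach ping as a separate argument. The function names and the sample inputs are my own; the `-n` flag is kept as the question uses it.

```php
<?php
// Added example, not the asker's or answerer's code.
// escapeshellcmd() does not touch spaces or hyphens, so "plop.com -s 500"
// passes through it unchanged and ping sees three arguments instead of one.
declare(strict_types=1);

/**
 * Return the host if it is a syntactically valid IP address or hostname,
 * otherwise null. Neither filter accepts spaces, so "plop.com -s 500" fails.
 */
function validate_host(string $input): ?string
{
    $input = trim($input);
    if (filter_var($input, FILTER_VALIDATE_IP) !== false) {
        return $input;
    }
    // FILTER_FLAG_HOSTNAME enforces RFC hostname label rules (PHP >= 7.0).
    if (filter_var($input, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false
        && strpos($input, '.') !== false) {
        return $input;
    }
    return null;
}

/**
 * Build the command line. escapeshellarg() wraps the host in single quotes,
 * so it is always passed to ping as ONE argument; the count is clamped so a
 * caller cannot turn the server into a packet generator.
 */
function build_ping_command(string $host, int $count): string
{
    $count = max(1, min($count, 4));
    return sprintf('ping -n %d %s', $count, escapeshellarg($host));
}

// Constructed inputs, mirroring the answer's injected URL parameter.
$cases = ['plop.com', '192.0.2.1', 'plop.com -s 500', "a.com\n-s 500"];
foreach ($cases as $candidate) {
    $host = validate_host($candidate);
    if ($host === null) {
        echo "rejected: " . addcslashes($candidate, "\n") . "\n";
        continue;
    }
    $cmd = build_ping_command($host, (int) ($_GET['times'] ?? 1));
    echo "would run: $cmd\n";   // e.g. would run: ping -n 1 'plop.com'
    // passthru($cmd);          // only after validation AND quoting
}
```

Validation and quoting are independent layers: the filter rejects obviously hostile input, and escapeshellarg() guarantees that whatever survives still reaches ping as a single argument.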