
Pinging the user requested host - is this code insecure?


Problem

// Only the tail of the script was preserved; the explode()/regex
// validation that precedes this point is missing from the page.
    ", passthru("ping -n $times $e"),"";}
    else {
        echo "The URL or IP $e isn't valid ";
    }
?>


This code is pinging the user requested host. Is this code insecure because I am using the passthru() function?

I am using explode to know if it's domain.com or just text, and a regular expression to validate it's not texttext.text. Is there a way for the user to access my terminal with this?

Solution

Your regular expression for detecting valid URLs is very weak, and you can slip a lot past it.

Though you have used escapeshellcmd() to protect yourself a bit from people trying to run alternative commands, you have not protected yourself from people sending extra parameters to ping.

Two alternative attacks spring to mind:

  • You can overload your servers by making them send lots of useless packets in the ping requests.
  • You can use your servers as the host for an attack on somebody else.

An example of sending extra bytes with ping (I put your script in the file test.php on myhost, not its real name):

http://myhost.com/test.php?host=plop.com%20-s%20500

Generates:

ping -n 0 plop.com -s 500
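The answer's point is that escapeshellcmd() stops extra commands but not extra arguments, so the host itself must be validated and quoted. The script below is an added example, not the original poster's code or the answer's; it assumes the host arrives in $_GET['host'] and the count in $_GET['times'], and the function names are my own. It rejects the "plop.com -s 500" input from the answer because it is neither an IP address nor a dotted hostname, and passes whatever survives through escapeshellarg() so it can only ever be one argument.

```php
<?php
// Added example (hypothetical helpers, not from the question or answer).

// Accept only a literal IPv4/IPv6 address or a dotted hostname made of
// letters, digits and hyphens. Spaces, a leading '-', and shell
// metacharacters never get past this check, so they never reach ping.
function isValidHost(string $host): bool
{
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return true;
    }
    if (strlen($host) > 253) {
        return false;
    }
    return preg_match(
        '/^([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/i',
        $host
    ) === 1;
}

// Build the command only from validated, quoted pieces. escapeshellarg()
// quotes the host as a single argument, so "-s 500" cannot become a
// separate flag, and the count is clamped to a small integer so the
// server cannot be turned into a packet source against someone else.
function buildPingCommand(string $host, int $times): ?string
{
    if (!isValidHost($host)) {
        return null;
    }
    $times = max(1, min($times, 4));
    // -n is the count flag of Windows ping, as in the original script;
    // on Linux the equivalent flag is -c.
    return 'ping -n ' . $times . ' ' . escapeshellarg($host);
}

$host  = (string)($_GET['host'] ?? '');
$times = (int)($_GET['times'] ?? 1);

$cmd = buildPingCommand($host, $times);
if ($cmd === null) {
    // Escape the echoed input as well, so a rejected value cannot inject HTML.
    echo 'The URL or IP ', htmlspecialchars($host, ENT_QUOTES), " isn't valid";
} else {
    echo '<pre>';
    passthru($cmd);
    echo '</pre>';
}
```

Rate-limiting the endpoint is still worth doing on top of this, since even a well-formed request makes the server send packets on the caller's behalf.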

Context

StackExchange Code Review Q#4974, answer score: 4
