professional article on topics like Html,javascript,jquery,php , mysql etc.

Vulnerability by PHP $_REQUEST


What the hell is this php $_REQUEST


With $_REQUEST you can access GET, POST,and cookies, $_GET['id'] or $_POST['id'] COOKIES['id'] can be simply accesed as $_REQUEST['id'].

Order/priority for input source

 Two php ini variable the older gpc_order and the newer variables_order. Both settings reflect the relative priority of each input source. The default order for gpc_order is GPC (for GET, POST, cookie, respectively), where cookie has the highest priority and the default order for variables_order is EGPCS (system Environment, GET, POST, cookie, Server environment, respectively). So, if parameter a id is supplied via
a GET and a cookie, the cookie’s value for id is preferred.

Vulnerability with php $_REQUEST


While  $_REQUEST seems convenient, and one can have no problem with conflating GET and POST parameters. but the problem is that it also by default include $_COOKIE and no developer will ever want to treat them same as GET and POST.

Think of a situation where you allow a user to see a text content when a cookie is set
if(isset($_REQUEST[‘id’])){ //here request variable comes from a cookie
echo "you can see this";
}else{
echo "sorry";
}
An intruder can just call the script with id as url parameter ?id=9 and see the value which is allowed only if id value is set by a cookie.So

Don't worry be brave use best approach against php $_REQUEST


its always better to  just use the input method-specific superglobals instead.
if(isset($_COOKIE[‘id’])){
echo "you can see this";
}else{
echo "sorry";
}

Though $_REQUEST  could be a very basic level of threat and as a programmer(any language) you need to always take care of several other big threats things like -  SQL injection, CSRF, session fixation attacks etc. in your code. But still it better to start code by keeping in mind even this kind of basic detail.

More on  PHP Secure Coding 



7 comments:

Setu Bridge said...

You have shared really such a nice information which is helped me so much and I think it will help to many other people.

magento development

Rahul vijayvergiya said...
This comment has been removed by the author.
FlyFishJJA said...

4 years = guru != true.

Anonymous said...

May be rising of guru...

Chris said...

This is *not* a "vulnerability". This is a "best practice" at best...sure, using $_REQUEST irresponsibly can *lead* to vulnerabilities, but the issue isn't with $_REQUEST itself (nor PHP, which is doing what it should in this case).

$_REQUEST is a convenience variable and, in reality, should never be used when you can use the more specific superglobal (like $_POST or $_GET) as you mention.

Zach Burnham said...

Is this a joke? $_POST, $_GET, and $_COOKIE can all be manipulated by the client. Use sessions instead.

Anonymous said...

Hi, Chris

As you are saying that it is more about best practice and if used irresponsibly it lead to vulnerabilities. I just like you are trying to say that a gun is just for Human Safey, It's a weapon ONLY if used irresponsibly :)

Post a Comment

Share This

© 2011 PHP Tweak- advance php,javascript,html article, AllRightsReserved.