Carnage

Security much?

Minor rant I've been meaning to post to the programming forum for a while but never got around to it... The following example is based on some code I was asked to review for security a while back. I still can't believe anyone would do something like this and cannot understand why they can't see the problem with it.

PHP Code:

// Flatten every request parameter into one "key=value|" string.
foreach ($_REQUEST as $key => $value)
{
    $str .= $key . "=" . $value . "|";
}

mysql_query("INSERT INTO table (userinput) values (" . addslashes($str) . ");");

Then in a later script to retrieve the values:

PHP Code:

// Assume $row['userinput'] contains the string retrieved from the MySQL db.

$vars = explode("|", $row['userinput']);

foreach ($vars as $val)
{
    $tmp = explode("=", $val);
    // Variable variable: PHP 5 reads this as ${$tmp[0]} = $tmp[1];
    $$tmp[0] = $tmp[1];
}

Am I the only one who sees something wrong with that code?

Updated 24th October 2007 at 05:48 AM by Carnage

Categories
/php , /dev
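
The retrieval snippet in the post creates one variable per key found in the stored string, so whoever supplied the request chooses the variable names. The following is an added example, not part of the original post or of the reviewed code: it runs the same decoding logic next to a version that allowlists keys, stores JSON and decodes into an array. `ALLOWED_KEYS`, the function names, `$isAdmin` and the sample request are assumptions constructed for illustration.

```php
<?php
// Added example; ALLOWED_KEYS, the function names and the sample request
// are constructed for illustration and do not come from the original post.
const ALLOWED_KEYS = ['name', 'email'];

// Keep only expected keys; JSON escaping removes the need for "|" and "=".
function pack_input(array $request): string
{
    $clean = [];
    foreach (ALLOWED_KEYS as $key) {
        if (isset($request[$key]) && is_string($request[$key])) {
            $clean[$key] = $request[$key];
        }
    }
    return json_encode($clean, JSON_THROW_ON_ERROR);
}

// Decode into an array, never into the local symbol table.
function unpack_input(string $stored): array
{
    $data = json_decode($stored, true, 512, JSON_THROW_ON_ERROR);
    return is_array($data)
        ? array_intersect_key($data, array_flip(ALLOWED_KEYS))
        : [];
}

// Same logic as the post's decoder, inside a function so the effect on an
// existing variable ($isAdmin, hypothetical) can be observed.
function legacy_unpack(string $stored, bool $isAdmin): bool
{
    foreach (explode("|", $stored) as $val) {
        $tmp = explode("=", $val);
        if (count($tmp) === 2) {
            ${$tmp[0]} = $tmp[1];
        }
    }
    return (bool) $isAdmin;
}

// Constructed request: one value contains the legacy format's delimiters.
$request = ['name' => 'bob|isAdmin=1', 'email' => 'bob@example.test'];
$legacy = '';
foreach ($request as $k => $v) {
    $legacy .= $k . "=" . $v . "|";
}

var_dump(legacy_unpack($legacy, false));      // stored data decides $isAdmin
var_dump(unpack_input(pack_input($request))); // only name and email survive
```

When the packed string is written to the database, bind it as a parameter of a prepared statement (PDO or mysqli) instead of concatenating it through `addslashes()`.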

Comments

  1. snoop
    There's obviously nothing wrong with it... he uses ADDSLASHES!
  2. Emtsuj
    Fatty only sees pretty colored text. Fatty's pizza is late. Fatty MAD!
  3. snoop
    I'll give you a hint, CROSS SITE SCRIPTING VULNERABILITY! Oh and also this code is written hackishly ugly.
  4. Logopolis
    Dear Carnage,

    In answer to your question, yes.

    Yrs,

    Dr. JM Gonzo
  5. scyld
    u can jus higher a gurd dgz 4 ur sicurotee
  6. trebach
    It also violates first normal form on the database if the keys are constant.