Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How "tamper proof" is the $_SERVER variable in php?

Tags:

security

php

tampering

Would I be taking a big security risk by trusting the content of the $_SERVER variable array to get the name of php file using $_SERVER['PHP_SELF']?

like image 261
CLJ Avatar asked Nov 22 '10 16:11

CLJ

1 Answers

Many but not all of the $_SERVER variables are attacker controlled. For instance $_SERVER['SCRIPT_NAME'] is safe where as $_SEVER['PHP_SELF'] is a vary dangerous variable and is often the source of xss:

<?php
echo $_SEVER['PHP_SELF'];
?>

PoC:

http://localhost/self.php/<script>alert(/xss/)</script>

It is easy to see this vulnerability in action by looking at phpinfo.

like image 181
rook Avatar answered Oct 06 '22 19:10

rook
Sign in to Comment

Related questions

Log file is not being written in Laravel 5.5
Laravel - keep getting log & framework data cache errors
Is there a good alternative to PHP's SOAP extension? [closed]
Secure password reset without sending an e-mail
Returning An Array of Objects in PHP Web Service
How to use jQuery in a facebook application
PHP equivalent of ASP.NET Application/Cache objects
HTTP if-none-match and if-modified-since and 304 clarification in PHP
Is there anything like Python's ctype for PHP? Accessing libraries without the need to write an extension?
Obscuring database id's
PHP AND SOAP. Change envelope
Accessing php $_SESSION from python (wsgi) - is it possible?
Solr vs. Sphinx for spatial search
Open Source Web PDF Viewer?
Uploadify Hanging at random on 100%
Are protected constructors considered good practice?
Hidden features of the Lithium framework? [closed]
How to prevent browser timeout in long-running processes?
Why does is_array() leak memory in PHP?
How to implement a random float function so that it does not lose entropy? (PHP)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!