Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

PHP possible header redirection exploit?

Tags:

php

I was thinking the other day, if someone is protecting their pages like this :

if(!$logged_in)
    {
        header("Location:http://mysite/login.php");
    }

    // protected content here

is there any way to ignore the HTTP Header redirect at the browser level and then display the protected content that follows it ?

like image 871
YD8877 Avatar asked Mar 13 '26 14:03

YD8877

1 Answers

Yes, because using the header() function merely sets a header. The server will continue running the rest of the PHP script, rendering the protected content

You'll want to do this instead

if(!$logged_in)
    {
        header("Location:http://mysite/login.php");
        exit();
    }
like image 161
Dlongnecker Avatar answered Mar 16 '26 04:03

Dlongnecker
Sign in to Comment

Related questions

How can I create a mail server?
jQuery $.get() Array Returns [object Object]
Kohana orm order asc/desc?
$_POST in php 5.3.5 does not work
Calling user defined functions in PHP eval()
Email help - php mail() or SMTP

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!