[nycphp-talk] PHP Vulnerability
Chris Shiflett
shiflett at php.net
Fri Dec 17 16:02:34 EST 2004
--- Daniel Convissor <danielc at analysisandsolutions.com> wrote:
> You mean _improperly validated_ user input. Come on, who would
> pass unsanitized user input to ANYTHING? :)
That's a good point. This is why I don't find most vulnerabilities to be a
concern. However, whenever there is a vulnerability in something people
use to filter data (even if it's not the best approach), I consider it to
be very serious. For example, this is from the Security Focus description
of the recent addslashes() vulnerability fixed in 4.3.10:
<?php
$whatever = addslashes($_REQUEST['whatever']);
include("/path/to/program/" . $whatever . "/header.htm");
?>
A malicious attacker might open the following URL, disclosing
the boot.ini file:
http://localhost/phpscript.php?whatever=../../../../boot.ini%00
That's not exactly a great way to be filtering something, but it
demonstrates that even those who try to adhere to some security practices
can still be affected by vulnerabilities.
Chris
=====
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly HTTP Developer's Handbook - Sams
Coming Soon http://httphandbook.org/
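An added example, not part of the original message or the Security Focus advisory: the same include done by validating the request value against an allowlist and confirming the canonical path stays under the base directory, instead of escaping it with addslashes(). The function name `resolve_header`, the constants, and the section names are assumptions made for illustration; the base directory is the one from the quoted snippet.

```php
<?php
// Added example: the names and the allowlist below are assumptions, not from the post.
const TEMPLATE_ROOT = '/path/to/program';            // base directory from the quoted snippet
const ALLOWED_SECTIONS = ['news', 'forum', 'admin']; // constructed allowlist

/**
 * Return the absolute path of <root>/<section>/header.htm, or null when the
 * request value is not acceptable. The input is validated, never escaped.
 */
function resolve_header(string $root, array $allowed, $input): ?string
{
    // Arrays (whatever[]=x) and other non-string values are rejected outright.
    if (!is_string($input)) {
        return null;
    }
    // A NUL byte is never valid in a path segment; reject it explicitly
    // rather than relying on how the runtime treats it.
    if (strpos($input, "\0") !== false) {
        return null;
    }
    // Exact-match allowlist: values containing "../" or "/" cannot match.
    if (!in_array($input, $allowed, true)) {
        return null;
    }
    // Defence in depth: canonicalise and confirm the file is still under the
    // base directory (this also catches symlinks pointing elsewhere).
    $base = realpath($root);
    $path = realpath($root . '/' . $input . '/header.htm');
    if ($base === false || $path === false) {
        return null; // base or target file does not exist
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed inputs: a legitimate value, the advisory's value after URL
// decoding, a relative path, and an array. On a machine without the sample
// directory tree, the legitimate value is also rejected by realpath().
$samples = ['news', "../../../../boot.ini\0", '../news', ['news']];
foreach ($samples as $sample) {
    $path = resolve_header(TEMPLATE_ROOT, ALLOWED_SECTIONS, $sample);
    echo json_encode($sample), ' => ', $path === null ? 'rejected' : $path, PHP_EOL;
}
```

A caller would pass `$_REQUEST['whatever']` as the third argument and only call `include` when the result is not null.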