PEAK XOOPS - News in englishin japanese

Archive | RSS |
  
Poster : GIJOE on 2007-03-07 05:28:47 (9218 reads)


# php -r '$a=array("1"=>1);var_dump($a[1]);'
int(1)



# php -r '$a=array("1a"=>1);var_dump($a);'
array(1) {
  ["1a"]=>
  int(1)
}



# php -r '$a=array("0x1a"=>1);var_dump($a);'
array(1) {
  ["0x1a"]=>
  int(1)
}



# php -r '$a=array(0x1a=>1);var_dump($a);'
array(1) {
  [26]=>
  int(1)
}



# php -r '$a=array(""=>1);var_dump($a);'
array(1) {
  [""]=>
  int(1)
}



# php -r '$a=array(false=>1);var_dump($a);'
array(1) {
  [0]=>
  int(1)
}



# php -r '$a=array(true=>1);var_dump($a);'
array(1) {
  [1]=>
  int(1)
}



# php -r '$a=array(1.1=>1);var_dump($a);'
array(1) {
  [1]=>
  int(1)
}



# php -r '$a=array("1.1"=>1);var_dump($a);'
array(1) {
  ["1.1"]=>
  int(1)
}



# php -r '$a=array("01"=>1);var_dump($a);'
array(1) {
  ["01"]=>
  int(1)
}



# php -r '$a=array(-1=>1);var_dump($a);'
array(1) {
  [-1]=>
  int(1)
}



# php -r '$a=array("-1"=>1);var_dump($a);'
array(1) {
  [-1]=>
  int(1)
}



# php -r '$a=array("+1"=>1);var_dump($a);'
array(1) {
  ["+1"]=>
  int(1)
}


$_cachedModule_mid[intval($module->getVar('mid'))] =& $module;

0 comments

Poster : GIJOE on 2006-10-29 06:54:04 (11381 reads)

in englishin japanese
On site moving like PEAK XOOPS, we should return 301 instead of 302.
You should know php's header("Location:...") returns 302 if you don't send 301 additionally.
I've just fixed this


DocumentRoot
-- xoops_redirect.php
-- xoops/
---- .htaccess
---- index.html (dummy)


/xoops_redirect.php

<?php
$uri = strtr( substr( $_SERVER['REQUEST_URI'] , 6 ) , array( "\n" => '' , "\r" => '' ) ) ;

header( "HTTP/1.0 301 Moved Permanently" ) ;
header( "Location: http://xoops.peak.ne.jp".$uri ) ;
?>


/xoops/.htaccess

ForceType xoops_redirect
Action xoops_redirect /xoops_redirect.php

0 comments

Poster : GIJOE on 2006-06-25 18:20:31 (10976 reads)

in englishin japanese
This is the last chapter of BigUmbrella.
The code in (3) has two points should be argued.

- Is the check pattern OK?

preg_match( '/[<\'"].{15}/s' , $val , $regs )


<img src="(REQUEST)" />
<a href="(REQUEST)">

If this pattern exists, it is not enough.
Because "java-script:" attack can exploit it.
Thus, you should add such "java-script:" checker into the code of (3).

- Is it enough to check POST and GET?

Checking COOKIE sounds non-sense, because contaminated COOKIE means he/she has already been exploited.

Rather than cookie, you should add checking $_SERVER into the checker.
Don't forget adding $_SERVER['PHP_SELF'] , $_SERVER['PATH_INFO'] , $_SERVER['PATH_TRANSLATED'] , at least.


And don't forget BigUmbrella just protect from XSS attacking.
BigUmbrella can do nothing about ScriptInsertion attack.

You should learn XSS and ScriptInsertion are different attacks each other.


Poster : GIJOE on 2006-06-22 12:46:44 (9954 reads)

in englishin japanese
The simple pattern of BigUmbrella has 3 problems.

(A) XSS check should be done only for "Content-Type: text/html".
(B) ob_start() will increase server's load when php transfers a huge file.
(C) preview situation with html allowed.

For (B), you should disable ob fileter manually.


	// remove output bufferings
	while( ob_get_level() ) {
		ob_end_clean() ;
	}


For (C), you should disable BigUmbrella manually.

	define( 'BIGUMBRELLA_DISABLED' , true ) ;


Don't forget checking referer or ticket in the situation.

This is the modified code for (A) and (C).
I will argue about super variables of $_COOKIE and $_SERVER in next article.

Read more... | 987 bytes more |0 comments

Poster : GIJOE on 2006-06-21 15:27:40 (10639 reads)

in englishin japanese
This is the simple pattern of "Big Umbrella anti-XSS system".

(1) make a file.
eg) /usr/local/lib/php/bigumbrella.php


<?php
function bigumbrella_init() {
        foreach( $_REQUEST as $key => $val ) {
                if( preg_match( '/[<\'"].{15}/s' , $val , $regs ) ) {
                        $GLOBALS['bigumbrella_doubtfuls'][] = $regs[0] ;
                }
        }
        if( ! empty( $GLOBALS['bigumbrella_doubtfuls'] ) ) {
                ob_start( 'bigumbrella_outputcheck' ) ;
        }
}

function bigumbrella_outputcheck( $s ) {
        if( ! is_array( @$GLOBALS['bigumbrella_doubtfuls'] ) ) {
                return "bigumbrella injection found." ;
        }

        foreach( $GLOBALS['bigumbrella_doubtfuls'] as $doubtful ) {
                if( strstr( $s , $doubtful ) ) {
                        return "XSS found." ;
                }
        }
        return $s ;
}

$GLOBALS['bigumbrella_doubtfuls'] = array() ;
bigumbrella_init() ;
?>


(2) Insert a line into <VirtualHost> of your httpd.conf

php_value auto_prepend_file /usr/local/lib/php/bigumbrella.php

Else, you can also add it into php.ini

auto_prepend_file = /usr/local/lib/php/bigumbrella.php


If you use .htaccess, insert the line into .htaccess just under DocumentRoot.

To be continued (3) for better code...

0 comments

« 1 2 (3) 4 5 6 »
Login
Username or e-mail:

Password:

Remember Me

Lost Password?

Register now!