这个PHP重定向不安全? [英] Is this PHP redirect insecure?
问题描述
继承人代码:
header(Location:http://example.com/search/ {$ _POST ['term']} / {$ _POST [ '类型']});
我正在重定向的网站也会进行验证&他们身边的消毒,但我担心的是 - 这种重定向不安全(在我的身边 - 看到我直接使用 $ _ POST 的)。
感谢所有帮助。
PS:刚开始觉得好奇,因为我一直认为使用unsanizited用户输入是危险的(或至少适用于XSS和SQLi)。
总体而言,对于运行现代版本PHP ,它是安全的。
手边有两个问题:
/ search / * / * 表单的任何页面用您的重定向发布到页面的恶意页面。 (请注意,它们不限于 / search 后面的两个斜杠,因为它们的POST变量可能包含斜线。)这与向某人传递缩短的bit.ly重定向URL他们,所以它不是太糟糕。 HTTP响应分裂。如果恶意用户在他们的POST数据中包含换行符(特别是CRLF / \r\\\),可能会导致您的
头()调用来输出多个头,包括设置cookie的头等等。但是,从PHP 5.1.2开始,已修复。
Hmm I can't really indentify any insecurities but was wondering whether you can, if so how to possibly patch/mend?
Heres the code:
header("Location: http://example.com/search/{$_POST['term']}/{$_POST['type']}");
The site which i'm redirecting too does the validation & sanitization on their side, but what I'm concerned about is - is this redirecting insecure in any way (on my side - seeing as I'm using direct $_POST's).
Appreciate all help.
PS: Just became curious as I've always thought using unsanizited user input is dangerous (or atleast that applies to XSS and SQLi).
Overall, for most websites running a modern version of PHP, it is secure.
There are two concerns at hand:
- A malicious user may be able to trick a victim into unwittingly visiting any page of the form
/search/*/*on the site by linking them to a malicious page that POSTs to the page with your redirect. (Note that they are not limited to just two slashes after/searchbecause their POST variables may contain slashes.) This is similar to handing someone a shortened bit.ly URL that redirects them, so it's not too bad. - HTTP response splitting. If a malicious user includes newlines (specifically, CRLF /
\r\n) within their POST data, they can cause yourheader()call to output multiple headers, including headers to set cookies, and so on. However, as of PHP 5.1.2 this has been fixed.
这篇关于这个PHP重定向不安全?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
