

cross site scripting

#1 morlack, 02-05-04, 07:25 PM

Now I'm sure there are better more sophisticated ways to do this.
But I'm a php noob so here we go :

Code:
// the URL of the submission form
$formURL = array('http://www.blah.biz/testform.php', 'www.blah.biz/testform.php', 'blah.biz/testform.php');

// prevent off-site use
if ($HTTP_REFERER != $formURL) {
die("Illegal use.");
}


The script returns "Illegal Use" every time although I come from the page specified in $formURL.

Can someone help?
#2 NeverMind, 02-06-04, 04:34 AM
try using this :
PHP Code:
// prevent off-site use
if ($HTTP_REFERER !== $formURL) {
    die("Illegal use.");
}

use double equals for any IF statement..
#3 morlack, 02-09-04, 12:51 PM
if (strpos($_SERVER["HTTP_REFERER"], "blah.biz/testform.php") === FALSE)
    die("Illegal use");

as does:

if (!in_array($_SERVER["HTTP_REFERER"], $formURL))
    die("Illegal use.");


The above works well.

I didn't get to try your code yet but I will do - thanks Nevermind!

Last edited by morlack; 02-09-04 at 12:55 PM.
#4 joachimseitz, 02-11-04, 08:00 AM
Your first one doesn't work because it's an array.

!== don't think that works.

I have a question about this as well.

$_SERVER["HTTP_REFERER"]
doesn't work for everyone, don't ask me why but it doesn't. Can someone tell me how, for example, to make it work on IE?

Last edited by joachimseitz; 02-11-04 at 08:05 AM.
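
Added example, not part of the original thread: the Referer check from posts #1 and #3 written as an exact host-and-path comparison, beside a per-session form token that does not depend on the header, which post #4 notes is not sent by every client. The function names are hypothetical, `$session` stands in for `$_SESSION`, the sample inputs are constructed, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not code from the thread. Host and path reuse the thread's
// placeholder form URL; function names are hypothetical.
const FORM_HOSTS = ['blah.biz', 'www.blah.biz'];
const FORM_PATH  = '/testform.php';

// Exact host and path comparison. A substring test such as strpos() also
// accepts any Referer that merely contains "blah.biz/testform.php".
function refererIsForm(?string $referer): bool
{
    if ($referer === null || $referer === '') {
        return false;               // header stripped by browser, proxy or privacy tool
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['host'], $parts['path'])) {
        return false;
    }
    return in_array(strtolower($parts['host']), FORM_HOSTS, true)
        && $parts['path'] === FORM_PATH;
}

// Per-session token: works whether or not the client sends a Referer.
function issueFormToken(array &$session): string
{
    $session['form_token'] = bin2hex(random_bytes(32));
    return $session['form_token'];  // emit in a hidden <input> on the form
}

function tokenIsValid(array $session, ?string $submitted): bool
{
    return isset($session['form_token']) && is_string($submitted)
        && hash_equals($session['form_token'], $submitted);
}

// Constructed sample inputs.
$referers = [
    'http://www.blah.biz/testform.php',
    'http://other.example/?x=blah.biz/testform.php',
    null,
];
foreach ($referers as $r) {
    printf("%-50s %s\n", var_export($r, true), refererIsForm($r) ? 'accept' : 'reject');
}

$session = [];                      // stands in for $_SESSION after session_start()
$token   = issueFormToken($session);
var_dump(tokenIsValid($session, $token));   // matching token
var_dump(tokenIsValid($session, null));     // token missing from the POST
```

The Referer header is supplied by the client, so the token check is the one to rely on; the Referer comparison is at most a secondary signal.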