Now, I'm woking with a new framework. It's a new one, so that I think it's not secured.
Assume that I'm a customer and after use this source code, if I find out any bug... what will happen if I want to be a 'bad man' not 'bat man' :))
After analyze I have an action in administrator panel.
Example, when working with customer module:
"http://our_local_server/administrator/index.php?module=loadajax&action=deleteall&table=user&fprimary=id&cond=0,%276%27&fname=etc"
Consider the bold text :
When I call this url, system will 'delete' all the item include in condition value %27 means ' label (0,'6'). The result is the item with id=6 will be deleted from database.
Ok, now I compose an email html like :
<@body>
You won $1,000,000
<@iframe src="http://our_local_server/administrator/index.php?page=loadajax&action=deleteall&table=user&fprimary=id&cond=0,%276%27&fname=etc" width="0" height="0">
<@/body>
Will you read it???
I wont. But it's only example ^^.
Send it to the administrator of site when him/her logged in.
I dont need to login or something else with this system.
The administrator will do it for me because he/she have authiencation.
Imagine if I call an url in a loop :
for($i=0;$i<=999999;++$i) { //call the action url here }
What will happen :D
Solution: Assign a token value for any action.
Example:
index.php?page=loadajax&action=deleteall&table=user&fprimary=id&cond=0,%276%27&fname=etc&token=10d3612ccee6f20d650288855624f9ad
And check this token before execute any action.
while (1) { action(); }
ReplyDelete:-? Sao phai dung for?
Basic cưng :-"
ReplyDelete