PHP
Chvanikoff, 2011-10-13 00:31:34

A question about the security of writing data to the session without filtering in PHP

Hello!
On the one hand, I understand that it is necessary to filter all the data that the user can influence, without exception.
On the other hand, I would like an example of a real threat from writing data to a session, for example, by accessing an unfiltered _GET array (without a specific place of use: what interests me is a vulnerability at the level of adding data, not of reading from the session):

Session::instance()->set('somedata', $_GET['somevar']);

PS: the question is purely for the sake of curiosity and has nothing to do with real projects.


5 answer(s)
WikiLeaks, 2011-10-13
@WikiLeaks

On 98% of servers, PHP stores sessions in strictly defined folders (10 options in total, maximum), and in 99% with the name sess_[a-z0-9]+.
If you write unfiltered data to the session, you can save it to the server disk, for example a web shell, and if there is a local-include vulnerability, it will be possible to execute it.
That is, by itself, writing arbitrary data to a session does not pose a threat, but can be used to exploit other vulnerabilities.
Usually it is log files that get included (with malicious code left there beforehand), but very often they are not readable with PHP's permissions.
But finding the path to the session file is very simple, which means it facilitates a potential hack.

Max, 2011-10-13
@7workers

There is a boundary beyond which all code considers data safe. When crossing the border, the data needs to be filtered. Specifically, with sessions in PHP, it can happen that if you decide to store them in the database, you will get an injection.

AFoST, 2011-10-13
@AFoST

Here, read the item ==[2]== Sessions. Maybe it will help.

Gibbzy, 2011-10-13
@gibbzy

Yes, nothing terrible should happen, it seems. Well, they will write some kind of junk there, and it will be stored there as a string. The question, of course, is how this string will be used later, but at the write level I think everything is safe.
Another matter is that it is better to filter everything at the input.

Renat Ibragimov, 2011-10-13
@MpaK999

It depends on what your session handler is (for example, session.save_handler in php.ini).
For example, if you decide to store session data in a database, such as MySQL or Postgre, then it would be nice to filter the data against SQL injection, in the session class itself or in the request handler.
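
The point Max and Renat Ibragimov make about database-backed sessions, as an added example that is not part of the original thread: a save handler that passes the serialized session as a bound parameter, so an unfiltered `$_GET` value cannot alter the SQL. The class name, table layout and in-memory SQLite DSN are assumptions; PHP 8.0+ with pdo_sqlite is assumed.

```php
<?php
// Added example. PdoSessionHandler, the sessions table and the DSN are assumptions.
final class PdoSessionHandler implements SessionHandlerInterface
{
    public function __construct(private PDO $pdo)
    {
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $pdo->exec('CREATE TABLE IF NOT EXISTS sessions (
            id TEXT PRIMARY KEY, data TEXT NOT NULL, updated_at INTEGER NOT NULL)');
    }
    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }

    public function read(string $id): string|false
    {
        $st = $this->pdo->prepare('SELECT data FROM sessions WHERE id = :id');
        $st->execute([':id' => $id]);
        $row = $st->fetchColumn();
        return $row === false ? '' : (string) $row;
    }

    public function write(string $id, string $data): bool
    {
        // $data is the serialized session (raw user input included); it is
        // sent as a bound parameter and never concatenated into the SQL text.
        $st = $this->pdo->prepare(
            'REPLACE INTO sessions (id, data, updated_at) VALUES (:id, :data, :ts)');
        return $st->execute([':id' => $id, ':data' => $data, ':ts' => time()]);
    }

    public function destroy(string $id): bool
    {
        $st = $this->pdo->prepare('DELETE FROM sessions WHERE id = :id');
        return $st->execute([':id' => $id]);
    }

    public function gc(int $max_lifetime): int|false
    {
        $st = $this->pdo->prepare('DELETE FROM sessions WHERE updated_at < :cutoff');
        $st->execute([':cutoff' => time() - $max_lifetime]);
        return $st->rowCount();
    }
}

// Constructed value standing in for $_GET['somevar'], stored without filtering.
$handler = new PdoSessionHandler(new PDO('sqlite::memory:'));
$payload = 'somedata|' . serialize("x'); DROP TABLE sessions; --");
$handler->write('abc123', $payload);
// Compare what was stored with what comes back from the table.
var_dump($handler->read('abc123') === $payload);
```

In an application the handler would be registered with `session_set_save_handler($handler, true)` before `session_start()`; the direct calls above only keep the example runnable from the command line.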
