As part of the site's application process, a user must prove ownership of a website. I threw together some code and until now didn't realize there could be vulnerabilities in it.
Something like this:
    $generatedcode = "9s8dfojdfoiesdsa";
    $url = "http://anydomaingivenbyuser.com/verification.txt";
    if (file_get_contents($url) == $generatedcode) {
        // verification complete!
    }
Is there any threat in having a user-provided URL in file_get_contents()?
Edit: The code above is just an example. The generatedcode is a bit more elaborate, but still just a string.
Yes, this could possibly be a Server Side Request Forgery vulnerability - if $url is dynamic, you should validate that it is an external internet address and that the scheme specifies the HTTP or HTTPS protocol. Ideally you'd use the HTTPS protocol and validate the certificate to guard against DNS hijacking possibilities.
If $url is user controllable, they could substitute internal IP addresses and probe the network behind the firewall using your application as a proxy. For example, if they set the host in $url to 192.168.123.1, your script would request http://192.168.123.1/verification.txt, and they might be able to ascertain that there is another machine in the hosted environment due to differences in response times between valid and invalid internal addresses. This is known as a timing attack. This could be a server that you might not want exposed publicly. Of course, this is unlikely to attack your network in isolation, but it is a form of information leakage and might help an attacker enumerate your network ready for another attack.
You would need to validate the URL or resolved DNS each time it is requested, otherwise an attacker could set this to external to pass the validation, and then re-point it to an internal address in order to begin probing.
file_get_contents in itself appears safe, as it retrieves the URL and places it into a string. As long as you're not processing the string in any script engine or using it as any execution parameter you should be safe. file_get_contents can also be used to retrieve a local file, but if you validate that it is a valid internet-facing HTTP URL as described above, this measure should prevent reading of local files should you decide to show the user what verification.txt contained in case of mismatch. In addition, if you were to display the contents of verification.txt anywhere on your site, you should make sure the output is properly encoded to prevent XSS.
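The checks described in the answer above, as an added example that is not part of the original question or answer. It swaps file_get_contents for PHP's cURL extension so the request can be pinned with CURLOPT_RESOLVE to the address that was just validated; the function names are hypothetical, and it assumes HTTPS only and IPv4 only.

```php
<?php
// Added example; function names are hypothetical. IPv4 only (assumption).
// Resolve $host and return one address only if every A record is public.
function resolve_public_ipv4(string $host): ?string {
    $ips = gethostbynamel($host) ?: [];
    foreach ($ips as $ip) {
        // Refuse private and reserved ranges such as 192.168.0.0/16 and 127.0.0.0/8.
        if (!filter_var($ip, FILTER_VALIDATE_IP,
            FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
            return null;
        }
    }
    return $ips[0] ?? null;
}

function fetch_verification(string $url): ?string {
    $p = parse_url($url);
    if (!is_array($p) || strtolower($p['scheme'] ?? '') !== 'https'
        || empty($p['host']) || isset($p['user']) || isset($p['port'])) {
        return null; // HTTPS on the default port only, no credentials in the URL
    }
    $ip = resolve_public_ipv4($p['host']);
    if ($ip === null) {
        return null;
    }
    // The path is fixed here; only the host comes from the user.
    $ch = curl_init("https://{$p['host']}/verification.txt");
    curl_setopt_array($ch, [
        CURLOPT_RESOLVE        => ["{$p['host']}:443:$ip"], // connect to the validated IP, no second lookup
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION => false, // a redirect could point back inside the network
        CURLOPT_SSL_VERIFYPEER => true, CURLOPT_SSL_VERIFYHOST => 2, // validate the certificate
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body = curl_exec($ch);
    return (is_string($body) && curl_getinfo($ch, CURLINFO_RESPONSE_CODE) === 200) ? $body : null;
}

function verify_ownership(string $url, string $generatedcode): bool {
    $body = fetch_verification($url);
    // hash_equals is a strict string comparison, unlike the loose == in the question.
    return $body !== null && hash_equals($generatedcode, trim($body));
}

// Constructed inputs: both are refused before any request is sent.
foreach (['https://192.168.123.1/verification.txt', 'http://example.com/verification.txt'] as $u) {
    var_dump(verify_ownership($u, '9s8dfojdfoiesdsa'));
}
```

Because the lookup and the connection use the same address, re-pointing the DNS record between validation and request has no effect on where this code connects.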