Security risk using register_globals
Security risk using register_globals
There’s a security risk involved when enabling in your serverĀ register_globals, not sure if any of you noticed but I just remembered this and thought I should shout it to you all just so you are more careful. I’m currently working on a little project, not sure what will come out of it, but should be interesting to see it online. I was in the process of doing a secured login section and was just than thinking that I should be careful with the session variables, but also to be careful of register_globals, which, if you didn’t know, its really evil.
LE: One my friends checked this and it seems that its only affecting users using php 5.2 and lower, its deprecated in 5.3 and removed completely in 5.4.
So make sure that on each initialization of variables you check first what you are doing.
I’ll give you a more concrete example that you can see and understand better.
Let’s say we have a server with register_globals enabled and we have the following snipped of code:
1 2 3 4 5 6 7 8 9 10 11 |
<?php if(check_access($user_id)) { $access = true; } if($access) { // get them access to what *we* would normally want } ?> |
Now what if the little hacker would use something in the URL like bellow?
http://www.example.com/?access=1
You got it, $access variable would be set directly using 1 (which is true in coding) and would allow the little hacker to pass our access checking. From there he can do everything that you allowed them to do.
Really evil, right? So don’t forget to always make sure the directive in your php configuration is set to off. You can check the value of this directive by creating a phpinfo() page:
1 2 3 |
<?php phpinfo(); ?> |
If you have access to the php.ini file, change the directive value like bellow:
1 |
register_globals = off |
Using global keyword is safe instead?
Well register_globals and global are two different things really. The global keyword is used more to access variables outside a function, where the variable is not initialized.
For example:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
<?php $var = "Something"; print_var_a(); function print_var_a() { echo $var; // it will complain at this post and won't output anything } function print_var_b() { global $var; echo $var; // it will now have access to your variable and print it } ?> |
And normally if you access / need a variable inside the function, you would normally do checks before doing anything stupid.
Anyways, that’s my tip for today, sorry I’ll be posting less than usual again, am currently working on a little project at the moment so I may not be available. However commenting and helping out if need be, its possible, so don’t forget to subscribe and comment whenever you need help.