Top PHP security vulnerabilities / risks

Posted by & filed under Troubleshooting, Web Servers.


PHP is an open source, server-side language used for web development. It is an acronym for “PHP Hypertext Preprocessor”.

Some of the main advantages of PHP are:

  • Free: perhaps the biggest advantage is that it is available for free and, being open source, it is regularly updated by programmers all over the globe.
  • Platform independent: runs on any OS, including Linux, Windows, Mac OS and UNIX.
  • Capable: it is built to design and run high-traffic websites such as Facebook and Twitter.


Despite its popularity and large community, PHP has some vulnerabilities as well:

Cross-Site Scripting Attacks (XSS)

This is a type of attack to which your PHP script might be prone. Malicious client-side code (JavaScript, HTML, CSS) is injected into your script through incorrectly validated user data, or even through an altered hyperlink.

This can be avoided if the developer codes the script properly and covers all the possible exploits.


SQL Injection

This is a technique in which a user enters an SQL command as input so that it is inserted into an SQL statement.

For example, suppose the “phone number” field of a form is submitted with the value “555-555-5555 or 1=1”. When this input is processed using the query

the malicious user can gain access to all the e-mail addresses in the database. As with XSS, it can be avoided by proper validation of inputs.

Remote File Inclusion

This is when a malicious file is included deep inside your PHP application. The malicious file could cause your application to behave in an undesired manner, or could silently leak application data from the database.

To fix this issue we have to edit “php.ini” (whose location can be found using


on the command line) and check the following settings:

  1. allow_url_fopen set to off.
  2. allow_url_include set to off.


Session Hijacking

Session Hijacking refers to stealing and using some other user’s Session ID and then browsing the server while pretending to be that user. By default the Session ID is stored on the client side in a cookie named PHPSESSID. Usually, if a user is just, say, browsing a web site, then Session Hijacking is not such a serious threat, but if that session is being used to authenticate a user login it can be dangerous.

How can we prevent Session Hijacking:

  1. Change the session ID as often as you can using the PHP function session_regenerate_id().
  2. Prevent JavaScript from being given access to the session ID, either with the session.cookie_httponly setting in php.ini or by using the PHP function session_set_cookie_params().
  3. The most common way session IDs are stolen is through Cross-Site Scripting (XSS) attacks, so avoiding XSS also helps prevent session hijacking.


Directory Traversal

This is also known as the ../ (dot dot slash) attack, the climbing attack, and the backtracking attack. It looks for a file that has been given public access permissions. The goal of this attack is to get an application to access a file that is not intended to be accessible.

The best way to prevent this attack is to convert file paths to absolute paths and make sure they reference files in allowed directories.
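As an added example (not code from the original post), here is what that check looks like in PHP: realpath() canonicalises the requested path, and the result is accepted only if it stays under an assumed base directory, /var/www/app/public/files.

```php
<?php
declare(strict_types=1);

// Assumed location of the files the application is allowed to serve.
const FILES_BASE = '/var/www/app/public/files';

/**
 * Resolves a user-supplied file name against FILES_BASE and returns the
 * absolute path, or null if the request does not stay inside that directory.
 */
function resolveAllowedPath(string $requested): ?string
{
    // Null bytes are never part of a legitimate file name and can truncate
    // the path at the C level, so reject them before touching the filesystem.
    if (strpos($requested, "\0") !== false) {
        return null;
    }

    // realpath() canonicalises ".", ".." and symlinks; it returns false
    // when the target does not exist, which is also treated as a rejection.
    $base = realpath(FILES_BASE);
    if ($base === false) {
        return null;
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }

    // Compare against the base *with* a trailing separator; otherwise a
    // sibling directory such as ".../files2" would pass a plain prefix test.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $candidate;
}

// Usage: "report.pdf" resolves to /var/www/app/public/files/report.pdf and
// is served; "../../../../etc/passwd" resolves outside the base and gets a 404.
$path = resolveAllowedPath($_GET['file'] ?? '');
if ($path === null) {
    http_response_code(404);
    exit('File not found');
}
readfile($path);
```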
