a securty hole??

**scsa20** · Mar 22nd, 2002, 11:15 PM

can someone tell me if theres a securty hole in this code??

PHP Code:


<html>



<head>

<meta http-equiv="Content-Language" content="en-us">

<meta name="GENERATOR" content="Microsoft FrontPage 5.0">

<meta name="ProgId" content="FrontPage.Editor.Document">

<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">

<title>Simonsoft - Software Development</title>

</head>



<body leftmargin=0 rightmargin=0 topmargin=0 bottommargin=0 bgcolor="#AAAAAA">



<div align="center">

  <center>

  <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="780" id="AutoNumber1">

    <tr>

      <td>

      <div align="center">

        <center>

        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="780" id="AutoNumber2">

          <tr>

            <td width="200"><a href="http://www.simon-soft.com/">

            <img border="0" src="images/banner.jpg" width="200" height="200"></a></td>

            <td>

            <div align="center">

              <center>

              <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="550" id="AutoNumber3" bgcolor="#FFFFFF">

                <tr>

                  <td width="150" bgcolor="#AAAAAA">

                  <div align="center">

                    <center>

                    <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="170" id="AutoNumber4" bgcolor="#FFFFFF" height="100">

                      <tr>

                        <td background="images/nav_bg.jpg" height="20">

                        <p align="center"><b><font face="Tahoma" size="2">

                        Programs</font></b></td>

                      </tr>

                      <tr>

                        <td height="80">

                        <div align="center">

                          <center>

                          <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="160" id="AutoNumber6" height="1">

                            <tr>

                              <td height="25"><font size="1">&nbsp;</font></td>

                            </tr>

                            <tr>

                              <td height="1"><font size="1" face="Tahoma">&gt;&gt;

                              <a href="index2.php?id=programs/ie_title">IE Title 

                              Changer Beta 2</a></font></td>

                            </tr>

                            <tr>

                              <td height="1"><font face="Tahoma" size="1">&gt;&gt;

                              <a href="index2.php?id=programs/system_works">System Works 

                              Beta 1</a></font></td>

                            </tr>

                            <tr>

                              <td height="25"><font size="1">&nbsp;</font></td>

                            </tr>

                          </table>

                          </center>

                        </div>

                        </td>

                      </tr>

                    </table>

                    </center>

                  </div>

                  </td>

                  <td bgcolor="#AAAAAA" width="20">&nbsp;</td>

                  <td bgcolor="#AAAAAA">

                  <div align="center">

                    <center>

                    <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="170" id="AutoNumber17" bgcolor="#FFFFFF" height="100">

                      <tr>

                        <td background="images/nav_bg.jpg" height="20">

                        <p align="center"><b><font face="Tahoma" size="2">

                        Wallpapers</font></b></td>

                      </tr>

                      <tr>

                        <td height="80">

                        <div align="center">

                          <center>

                          <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="160" id="AutoNumber18">

                            <tr>

                              <td><font size="1">&nbsp;</font></td>

                            </tr>

                            <tr>

                              <td><font size="1" face="Tahoma">&gt;&gt;

                              <a href="index2.php?id=wallpaper/lain_1">Lain 

                              Wallpaper 1</a></font></td>

                            </tr>

                            <tr>

                              <td><font size="1">&nbsp;</font></td>

                            </tr>

                          </table>

                          </center>

                        </div>

                        </td>

                      </tr>

                    </table>

                    </center>

                  </div>

                  </td>

                  <td bgcolor="#AAAAAA" width="20">&nbsp;</td>

                  <td width="150">

                  <div align="center">

                    <center>

                    <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="170" id="AutoNumber5" height="100">

                      <tr>

                        <td background="images/nav_bg.jpg" height="20">

                        <p align="center"><b><font face="Tahoma" size="2">Themes</font></b></td>

                      </tr>

                      <tr>

                        <td height="80">

                        <div align="center">

                          <center>

                          <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="160" id="AutoNumber7" height="1">

                            <tr>

                              <td height="20"><font size="1">&nbsp;</font></td>

                            </tr>

                            <tr>

                              <td height="1"><font face="Tahoma" size="1">&gt;&gt;

                              <a href="index2.php?id=themes/sailor_1">Sailor Moon 

                              Theme Version 1</a></font></td>

                            </tr>

                            <tr>

                              <td height="1"><font face="Tahoma" size="1">&gt;&gt;

                              <a href="index2.php?id=themes/sailor_2">Sailor Moon 

                              Theme Version 2</a></font></td>

                            </tr>

                            <tr>

                              <td height="1"><font face="Tahoma" size="1">&gt;&gt;

                              <a href="index2.php?id=themes/lain_1">Lain Theme 

                              Version 1</a></font></td>

                            </tr>

                            <tr>

                              <td height="20"><font size="1">&nbsp;</font></td>

                            </tr>

                          </table>

                          </center>

                        </div>

                        </td>

                      </tr>

                    </table>

                    </center>

                  </div>

                  </td>

                </tr>

              </table>

**scsa20** · Mar 22nd, 2002, 11:15 PM

PHP Code:


              </center>

            </div>

            </td>

          </tr>

        </table>

        </center>

      </div>

      </td>

    </tr>

    <tr>

      <td>

      <div align="center">

        <center>

        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="780" id="AutoNumber8">

          <tr>

            <td width="200">

            <div align="center">

              <center>

              <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="200" id="AutoNumber10">

                <tr>

                  <td><font size="1">&nbsp;</font></td>

                </tr>

                <tr>

                  <td>

                  <div align="center">

                    <center>

                    <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="200" id="AutoNumber11" bgcolor="#FFFFFF">

                      <tr>

                        <td background="images/nav_bg.jpg" height="20">

                        <p align="center"><b><font face="Tahoma" size="2">

                        Simonsoft Links</font></b></td>

                      </tr>

                      <tr>

                        <td>

                        <div align="center">

                          <center>

                          <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="190" id="AutoNumber13">

                            <tr>

                              <td><font face="Tahoma" size="1">&nbsp;</font></td>

                            </tr>

                            <tr>

                              <td><font size="1" face="Tahoma">&gt;&gt;

                              <a href="http://forums.simon-soft.com/">Simonsoft 

                              Support Forums</a></font></td>

                            </tr>

                            <tr>

                              <td><font size="1" face="Tahoma">&gt;&gt;

                              <a href="index2.php?id=radio">Simonsoft 

                              Radio</a></font></td>

                            </tr>

                            <tr>

                              <td><font face="Tahoma" size="1">&nbsp;</font></td>

                            </tr>

                          </table>

                          </center>

                        </div>

                        </td>

                      </tr>

                    </table>

                    </center>

                  </div>

                  </td>

                </tr>

                <tr>

                  <td>&nbsp;</td>

                </tr>

                <tr>

                  <td>

                  <div align="center">

                    <center>

                    <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="200" id="AutoNumber12" bgcolor="#FFFFFF">

                      <tr>

                        <td background="images/nav_bg.jpg" height="20">

                        <p align="center"><b><font face="Tahoma" size="2">

                        Helpful Book</font></b></td>

                      </tr>

                      <tr>

                        <td>

                        <div align="center">

                          <center>

                          <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="190" id="AutoNumber14">

                            <tr>

                              <td><font face="Tahoma" size="1">&nbsp;</font></td>

                            </tr>

                            <tr>

                              <td>

                              <p align="center">

                              <img border="0" src="images/book.gif" width="71" height="90"></td>

                            </tr>

                            <tr>

                              <td><font face="Tahoma" size="1">&nbsp;</font></td>

                            </tr>

                            <tr>

                              <td>

                              <p align="center"><font size="1" face="Tahoma">

                              &quot;Visual Basic 6.0 Step by Step&quot; is the one book I 

                              use the most, and it only costs $27.99.</font></td>

                            </tr>

                            <tr>

                              <td><font face="Tahoma" size="1">&nbsp;</font></td>

                            </tr>

                            <tr>

                              <td>

                              <p align="center">

                              <a href="http://www.amazon.com/exec/obidos/ASIN/1572318090/simonsoft-20" target="_parent">

                              <font size="1" face="Tahoma">Click here for more 

                              information</font></a></td>

                            </tr>

                            <tr>

                              <td><font face="Tahoma" size="1">&nbsp;</font></td>

                            </tr>

                          </table>

                          </center>

                        </div>

                        </td>

                      </tr>

                    </table>

                    </center>

                  </div>

                  </td>

                </tr>

              </table>

              </center>

            </div>

            </td>

            <td valign="top">

            <div align="center">

              <center>

              <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="500" id="AutoNumber15">

                <tr>

                  <td><font size="1">&nbsp;</font></td>

                </tr>

                <tr>

                  <td>

                  <div align="center">

                    <center>

                    <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="500" id="AutoNumber16" bgcolor="#FFFFFF">

                      <tr>

                        <td background="images/nav_bg.jpg" height="20">

                        <p align="center"><font size="2" face="Tahoma"><b>News / 

                        Content</b></font></td>

                      </tr>

                      <tr>

                        <td><?php include ("$id.php"); ?>&nbsp;</td>

                      </tr>

                    </table>

                    </center>

                  </div>

                  </td>

                </tr>

              </table>

              </center>

            </div>

            </td>

          </tr>

        </table>

        </center>

      </div>

      </td>

    </tr>

  </table>

  </center>

</div>



</body>



</html>

scoutt · Mar 23rd, 2002, 01:02 AM

Security hole in HTML?????????

what do you expect to see?

**scsa20** · Mar 23rd, 2002, 02:26 AM

I don't know, eiS said there's a hole in the codeing (and that's actuly PHP codeing with HTML)...oh well...I am working on a new layout anyways.

scoutt · Mar 23rd, 2002, 11:40 AM

Originally posted by scsa20
I don't know, eiS said there's a hole in the codeing (and that's actuly PHP codeing with HTML)...oh well...I am working on a new layout anyways.

I didn't see any php in that except for an include. it looks all like regualr html to me.

**chrisjk** · Mar 23rd, 2002, 12:54 PM

The only thing I could see is that it looks like you're accepting a value from POST or GET and using it straight away, i'd advise you do this

PHP Code:


<?php 



$id = strip_tags(htmlspecialchars($id));

include ("$id.php");



?>

Otherwise you are open to people writing all sorts of crap in the URL bar.

Thread: a securty hole??

Thread Tools

Display

a securty hole??

Posting Permissions