The Cache: Technology Expert's Forum
 
Author Topic: Carpal Tunnel Relief  (Read 2442 times)
jammaster82
Lifer
Posts: 666
Thats craigs list for ya
« on: February 09, 2008, 05:58:58 AM »

Huh?

Code:
<?php
$companyname = trim($_REQUEST['companyname']);
$contactfirstname = trim($_REQUEST['contactfirstname']);
$contactlastname = trim($_REQUEST['contactlastname']);
$streetaddress = trim($_REQUEST['streetaddress']);
$suitenumber = trim($_REQUEST['suitenumber']);
$city = trim($_REQUEST['city']);

Vomit, how come they aren't automatically variables?
So I can just be like

Code:
print $suitenumber;
print ' was the suitenumber posted to this form.';



The watched pot, never boils... But if you walk away from it , the soup burns.  What gives?
jammaster82
Lifer
Posts: 666
Thats craigs list for ya
« Reply #1 on: February 09, 2008, 06:01:29 AM »

Code:
<?php

// every key in $_REQUEST becomes a variable of the same name in this scope
extract($_REQUEST);

echo $companyname.'::was companyname <br><br>';
echo $contactfirstname.'::was contactfirstname <br><br>';

?>

By placing extract($_REQUEST) at the start of the script, all GET, POST and cookie data will be available as variables in the current scope.


Awwwwwwwwwwwwwwwwwww SNAP!   

The watched pot, never boils... But if you walk away from it , the soup burns.  What gives?
nutballs
Administrator
Posts: 5627
Back in my day we had 9 planets
« Reply #2 on: February 09, 2008, 10:01:59 AM »

What happens when the variable already exists? Just curious.

I could eat a bowl of Alphabet Soup and shit a better argument than that.
vsloathe
vim ftw!
Global Moderator
Posts: 1669
« Reply #3 on: February 09, 2008, 01:28:33 PM »

Nice find bro. I wonder if doing this would open up an injection vector? I guess not, but I would like to see the extract function.

hai
perkiset
Olde World Hacker
Administrator
Posts: 10096
« Reply #4 on: February 11, 2008, 04:12:49 PM »

Absolutely opens up a vector - I personally would never use it.

The problem is that extract, by default, will overwrite variables in the same scope. So someone could take a wild-assed guess and overwrite some of yours and dick with your procedure, or if they really knew more they could potentially hijack you.

There are modifications to the extract behavior which can be seen here: http://us3.php.net/manual/en/function.extract.php, but this is a poor man's way to make sure. This little snippet uses scope as a hard firewall against variable intrusion.

Code:
<?php

$AVarIExpect = 'testing';
$AnotherVarIExpect = 'Fubar';

doExtractFunction();

function doExtractFunction()
{
    global $AVarIExpect, $AnotherVarIExpect;
    // extracted request keys land in this function's local scope, not the global one
    extract($_REQUEST);
}
?>


It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
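The behaviour nutballs asked about (what extract does to a variable that already exists) and the overwrite perkiset describes, as an added example that is not code from the thread. The script fills $_REQUEST itself with constructed values so it runs offline from the CLI, shows the default overwrite, then the EXTR_SKIP and EXTR_PREFIX_ALL flags from the manual page linked above, and finally an explicit allow-list of the form's field names. The function names, the $isAdmin control variable and the 'req' prefix are my own choices, not anything from the thread.

```php
<?php
// Added example, not code from the thread. $_REQUEST is filled here with
// constructed values so the script runs offline: php extract_demo.php

// Constructed request: besides a legitimate field, the client sends a key
// that happens to match a control variable used by the script.
$_REQUEST = [
    'companyname' => 'Acme Widgets',
    'isAdmin'     => '1',
];

// 1. Default flag (EXTR_OVERWRITE): a variable that already exists is
//    replaced by the request value.
function overwriteDemo(array $request): bool
{
    $isAdmin = false;
    extract($request);               // $isAdmin is now the string '1'
    return (bool) $isAdmin;          // true
}

// 2. EXTR_SKIP: keys that collide with an existing variable are ignored,
//    so $isAdmin survives; $companyname is still created.
function skipDemo(array $request): bool
{
    $isAdmin = false;
    extract($request, EXTR_SKIP);
    return (bool) $isAdmin;          // false
}

// 3. EXTR_PREFIX_ALL: every key is imported under a prefix (here 'req'),
//    so request data can never share a name with the script's own variables.
function prefixDemo(array $request): array
{
    $isAdmin = false;
    extract($request, EXTR_PREFIX_ALL, 'req');
    return [
        'isAdmin'         => $isAdmin,                 // untouched: false
        'req_isAdmin'     => $req_isAdmin ?? null,     // '1', visibly client data
        'req_companyname' => $req_companyname ?? null, // 'Acme Widgets'
    ];
}

// 4. Allow-list: the form's expected field names are listed explicitly and
//    copied into a fresh array; unexpected keys such as isAdmin are dropped.
//    This also keeps the trim() calls from the first post in one place.
function allowListDemo(array $request): array
{
    $expected = ['companyname', 'contactfirstname', 'contactlastname',
                 'streetaddress', 'suitenumber', 'city'];
    $fields = [];
    foreach ($expected as $name) {
        $fields[$name] = isset($request[$name]) ? trim((string) $request[$name]) : '';
    }
    return $fields;
}

printf("default extract:   isAdmin=%s\n", var_export(overwriteDemo($_REQUEST), true));
printf("EXTR_SKIP:         isAdmin=%s\n", var_export(skipDemo($_REQUEST), true));
printf("EXTR_PREFIX_ALL:   %s\n", json_encode(prefixDemo($_REQUEST)));
printf("allow-list:        %s\n", json_encode(allowListDemo($_REQUEST)));
```

Two points worth keeping in mind when reading the thread's snippets: EXTR_SKIP only protects variables that are already set before the call, so anything the script reads later without initialising it first can still be supplied by the client, and names declared with `global` inside a function such as perkiset's doExtractFunction() are visible to extract() and so remain writable by a matching request key. The allow-list version never calls extract at all, which is why it is the form to prefer for a form handler like the one in the first post.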