Tag Archives: PHP

Session Fixation

Session Fixation is an attack that lets an attacker hijack a valid user session. It exploits a weakness in how a vulnerable web application manages session IDs: when it authenticates a user it does not assign a new session ID, so a session ID that already existed before login stays valid afterwards. The attack consists of obtaining a valid session ID (e.g. by connecting to the application), inducing the victim to authenticate with that session ID, and then hijacking the authenticated session by knowledge of the session ID in use. The attacker therefore has to supply a legitimate session ID of the web application and get the victim's browser to use it.

Session Fixation is a class of Session Hijacking. Classic session hijacking steals the session established between the client and the web server after the user logs in; Session Fixation instead fixes a session on the victim's browser beforehand, so the attack starts before the user logs in.

There are several techniques to execute the attack, depending on how the web application handles session tokens. Some of the most common are:

• Session token in the URL argument: the session ID is sent to the victim in a hyperlink, and the victim accesses the site through the malicious URL.

• Session token in a hidden form field: the victim must be tricked into authenticating to the target web server through a login form built by the attacker. The form can be hosted on the attacker's web server or embedded directly in an HTML-formatted e-mail.

• Session ID in a cookie:

The following measures help protect against session hijacking and fixation attacks.

  • Use SSL and set the $secure cookie parameter to true.
  • Set the session.use_only_cookies php.ini parameter to 1.
  • Protect against XSS vulnerabilities in the application.
  • Rotate the session ID on successful login and logout using session_regenerate_id().
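Here is an added example (not code from the original post) of a login and logout handler that applies the four points above, which defend against both fixation and cookie-based hijacking. It assumes PHP 7.3 or later, that the page is served over HTTPS, and a constructed single-user store; the form field names are assumptions for the demo.

```php
<?php
// Added example, not code from the original post. Assumes PHP 7.3+ (array form
// of session_set_cookie_params) and that the page is served over HTTPS.
declare(strict_types=1);

// Accept the session id from the cookie only, never from the URL, and discard
// ids the server never issued (so a fixed, attacker-chosen id is not adopted).
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1');

// Cookie flags: Secure (sent over TLS only), HttpOnly (invisible to scripts,
// which limits what an XSS can read), SameSite to curb cross-site requests.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'domain'   => '',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

// Constructed user store for the demo: one account, hash computed at startup.
$users = ['alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];

function login(array $users, string $user, string $password): bool
{
    if (!isset($users[$user]) || !password_verify($password, $users[$user])) {
        return false;
    }
    // The vulnerable pattern would be to write $_SESSION['user'] right here:
    // whatever id the browser held before login (possibly one chosen by an
    // attacker) would then become an authenticated session. Rotate it instead;
    // true also deletes the data stored under the old id.
    session_regenerate_id(true);
    $_SESSION['user']     = $user;
    $_SESSION['login_at'] = time();
    return true;
}

function logout(): void
{
    $_SESSION = [];
    session_regenerate_id(true);   // the pre-logout id no longer maps to anything
    session_destroy();
    // Expire the cookie on the client as well.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
}

// Request dispatch; the 'action', 'user' and 'password' fields are assumptions.
$action = (string)($_POST['action'] ?? '');
if ($action === 'login') {
    $ok = login($users, (string)($_POST['user'] ?? ''), (string)($_POST['password'] ?? ''));
    echo $ok ? "login ok\n" : "login denied\n";
} elseif ($action === 'logout') {
    logout();
    echo "logged out\n";
}
```

session.use_strict_mode is the setting that makes the server refuse to create a session under an id it did not generate itself; together with use_only_cookies it closes the URL and hidden-field delivery routes described above, and session_regenerate_id(true) on login removes the last window in which a pre-login id could become an authenticated one.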

Cookie Hijacking

Cookie Hijacking, sometimes also known as session hijacking, is the exploitation of a valid computer session (sometimes also called a session key) to gain unauthorized access to information or services in a computer system. In particular, it refers to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can easily be stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer.

preg_match_all

The preg_match_all() function matches all occurrences of a pattern in a string.

It places these matches in the array $pattern_array in the order you specify with the optional order parameter. There are two possible orders:

PREG_PATTERN_ORDER: the default if the optional order parameter is not given. PREG_PATTERN_ORDER specifies the order you might think most logical: $pattern_array[0] is an array of all complete pattern matches, $pattern_array[1] is an array of all strings matching the first parenthesized sub-pattern, and so on.

PREG_SET_ORDER: orders the array a bit differently from the default. $pattern_array[0] will contain the elements matched by the first parenthesized regexp, $pattern_array[1] the elements matched by the second parenthesized regexp, and so on.

The function returns the number of full matches found.

<?php
// Heredoc body; on PHP older than 7.3 the closing identifier must start at column 0
$text = <<<EOT
The big bang bonged under the bung.
EOT;

// Pattern: 'b', any one character, an optional 'n', then 'g'
// Prints the number of full matches (4), then the $matches array
echo preg_match_all('@b.n?g@', $text, $matches);
print_r($matches);
?>
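The pattern above has no capturing group, so the two orders produce the same shape. The following added example (not from the original post) uses a capturing pattern over a constructed key=value log line so the difference shows: with the default order, $m[1] holds every key and $m[2] every value, while with PREG_SET_ORDER each $m[$i] is one match's own [full match, key, value] triple.

```php
<?php
declare(strict_types=1);

// Constructed sample: one authentication log line with key=value fields,
// some of them quoted. 192.0.2.0/24 is the documentation address range.
$line = 'event=login result=fail user="bob smith" ip=192.0.2.7 attempts=3';

// Group 1: the key; group 2: either a quoted value or a run of non-space chars
$pattern = '/(\w+)=("[^"]*"|\S+)/';

// Default order: one column per group across all matches.
function fieldsPatternOrder(string $line, string $pattern): array
{
    $n = preg_match_all($pattern, $line, $m);   // PREG_PATTERN_ORDER
    // $m[0] = all full matches, $m[1] = all keys, $m[2] = all raw values
    return ['count' => $n, 'keys' => $m[1], 'values' => $m[2]];
}

// Set order: one row per match, convenient when keys and values belong together.
function fieldsSetOrder(string $line, string $pattern): array
{
    $n = preg_match_all($pattern, $line, $m, PREG_SET_ORDER);
    // $m[$i] = [full match, key, value] for the i-th match
    $fields = [];
    foreach ($m as [$full, $key, $value]) {
        $fields[$key] = trim($value, '"');   // strip the quotes of quoted values
    }
    return ['count' => $n, 'fields' => $fields];
}

print_r(fieldsPatternOrder($line, $pattern));
print_r(fieldsSetOrder($line, $pattern));
```

Both calls report the same count of five; the set-order variant is the one to reach for when a parser needs each key next to its own value, as when turning a log line into a field map for detection rules.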

Final Class

The final keyword prevents child classes from overriding a method when the method definition is prefixed with final. If the class itself is declared final, it cannot be extended at all.

  • A final class may be instantiated.
  • A class with a final function may be derived from.
  • Static functions can be final.
  • Preventing a massive inheritance chain of doom
  • Encouraging composition
  • Forces the developer to think about the user-facing public API
  • Forces the developer to shrink an object's public API
  • A final class can always be made extensible later
  • extends breaks encapsulation
  • You don't need that flexibility
  • You are free to change the code
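As an added example (not from the original post), the following base class makes its entry point final so that subclasses supply the work but cannot redeclare the method that performs a check first; the concrete class is itself final, and a final static method is included. The class and method names are illustrative.

```php
<?php
declare(strict_types=1);

// Added example, not from the original post. Subclasses implement process();
// run() is final, so no subclass can redeclare it and skip the check inside it.
abstract class Action
{
    // A subclass that declares its own run() is a compile-time fatal error.
    final public function run(array $session, array $input): string
    {
        if (empty($session['user'])) {
            return 'denied';
        }
        return $this->process($input);
    }

    // Static methods can be final as well.
    final public static function describe(): string
    {
        return static::class;
    }

    // The only extension point subclasses get.
    abstract protected function process(array $input): string;
}

// A final class can still be instantiated; "class Other extends GreetAction {}"
// would be a compile-time fatal error, so this is the end of the chain.
final class GreetAction extends Action
{
    protected function process(array $input): string
    {
        return 'hello ' . ($input['name'] ?? 'anonymous');
    }
}

$action = new GreetAction();
echo $action->run([], ['name' => 'bob']), "\n";                  // no user in session
echo $action->run(['user' => 'alice'], ['name' => 'bob']), "\n"; // user present
echo GreetAction::describe(), "\n";
```

The first call is refused because the session carries no user and the second succeeds; the point of final here is that the refusal cannot be removed by inheritance, only by editing this class.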

Stream Contexts

Streams are resources provided by PHP that we often use transparently, but which can also be very powerful tools. By learning how to harness their power, we can take our applications to a higher level.

Every stream has an implementation wrapper which contains the additional code necessary to handle the specific protocol or encoding. PHP provides some built-in wrappers and we can easily create and register custom ones. We can even modify or enhance the behavior of wrappers using contexts and filters.

A context can modify or enhance the behavior of a stream. A context is a set of parameters and stream-wrapper-specific options.

The following functions accept a stream $context parameter:

  • fopen
  • file_get_contents
  • file
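Added example (not from the original post) of building contexts with stream_context_create() for the http and ssl wrappers and passing one to file_get_contents(). It shows a weak ssl configuration beside the corrected one, reads the options back with stream_context_get_options(), and wraps the fetch in a helper that checks the HTTP status. The CA bundle path and the fetch helper are assumptions; the fetch itself needs network access.

```php
<?php
declare(strict_types=1);

// Added example, not from the original post. Contexts are created with
// stream_context_create(); options are grouped by wrapper name.

// Weak: switching verification off makes the https wrapper accept any
// certificate, so an intermediary can present its own and read the traffic.
$weak = stream_context_create([
    'ssl' => ['verify_peer' => false, 'verify_peer_name' => false],
]);

// Corrected: verification on (the default since PHP 5.6), hostname checked,
// self-signed certificates refused, explicit CA bundle, plus http options.
$ctx = stream_context_create([
    'http' => [
        'method'        => 'GET',
        'header'        => "Accept: application/json\r\nUser-Agent: example-client/1.0\r\n",
        'timeout'       => 5,      // seconds before a stalled read gives up
        'ignore_errors' => true,   // return the body on 4xx/5xx so the status can be inspected
    ],
    'ssl' => [
        'verify_peer'       => true,
        'verify_peer_name'  => true,
        'allow_self_signed' => false,
        'cafile'            => '/etc/ssl/certs/ca-certificates.crt', // assumed path; adjust to your system
    ],
]);

// A context is inspectable: handy for asserting in tests that verification stays on.
function verifiesPeer($context): bool
{
    $opts = stream_context_get_options($context);
    return ($opts['ssl']['verify_peer'] ?? true) === true
        && ($opts['ssl']['verify_peer_name'] ?? true) === true;
}

var_dump(verifiesPeer($weak));
var_dump(verifiesPeer($ctx));

// Fetch JSON through the context; returns null on transport error or non-200.
function fetchJson(string $url, $context): ?array
{
    $body = file_get_contents($url, false, $context);
    if ($body === false) {
        return null;
    }
    // The http wrapper populates $http_response_header in the calling scope.
    $status = 0;
    if (isset($http_response_header[0])
        && preg_match('#^HTTP/\S+\s+(\d{3})#', $http_response_header[0], $m)) {
        $status = (int)$m[1];
    }
    if ($status !== 200) {
        return null;
    }
    $data = json_decode($body, true);
    return is_array($data) ? $data : null;
}

// Needs network access; example.com is a reserved documentation domain.
// $data = fetchJson('https://example.com/', $ctx);
```

The same $ctx can be handed to fopen() or file() unchanged; the wrapper reads only the option group that belongs to it, so an ssl group is ignored for a plain http:// URL and an http group for a local file.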

SplObjectStorage

The SplObjectStorage class provides a map from objects to data or, by ignoring data, an object set. This dual purpose can be useful in many cases involving the need to uniquely identify objects.

  • It uses objects as indexes.
  • It can be used to implement a set of objects.
  • It allows arbitrary data to be associated with objects.
  • It does not permit the serialization of objects.
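Added example (not from the original post) using SplObjectStorage as a registry of live session objects keyed by the object itself, with per-object metadata, and a sweep that expires idle entries. The Session class, the metadata layout and the timestamps are constructed for the demo.

```php
<?php
declare(strict_types=1);

// Added example, not from the original post.
final class Session
{
    private string $id;

    public function __construct(string $id)
    {
        $this->id = $id;
    }

    public function id(): string
    {
        return $this->id;
    }
}

// Returns the sessions idle longer than $maxIdle seconds and removes them.
// Candidates are collected first: detaching while iterating the same storage
// would disturb the iteration.
function expireIdle(SplObjectStorage $store, int $now, int $maxIdle): array
{
    $expired = [];
    foreach ($store as $session) {          // iteration yields the object...
        $info = $store->getInfo();          // ...and getInfo() its attached data
        if ($now - $info['last_seen'] > $maxIdle) {
            $expired[] = $session;
        }
    }
    foreach ($expired as $session) {
        $store->detach($session);
    }
    return $expired;
}

$active = new SplObjectStorage();
$a = new Session('s1');
$b = new Session('s2');

// Constructed metadata; 192.0.2.0/24 is the documentation address range.
$active->attach($a, ['ip' => '192.0.2.10', 'last_seen' => 1000]);
$active->attach($b, ['ip' => '192.0.2.11', 'last_seen' => 1600]);
// Attaching the same object again replaces its data: the object is the key.
$active->attach($a, ['ip' => '192.0.2.10', 'last_seen' => 1200]);
echo count($active), " active sessions\n";

// Membership test and data lookup go by object identity, not by id string.
var_dump($active->contains($b));
echo $active[$a]['ip'], "\n";

foreach (expireIdle($active, 1700, 300) as $session) {
    echo "expired ", $session->id(), "\n";
}
echo count($active), " active sessions\n";
```

With these timestamps s1 has been idle for 500 seconds and is swept, while s2 stays; two distinct Session objects with the same id string would be two entries, which is exactly the identity semantics the class provides.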

Type Hinting

With type hinting we can specify the expected data type (array, object, interface, etc.) of an argument in a function declaration. This practice is advantageous because it results in better code organization and improved error messages.

You can use type hinting to specify the expected data type of an argument in a function declaration. When you call the function, PHP checks whether the arguments are of the specified type. If not, the run-time raises an error and execution is halted.

  • Type hints can be optional.
  • Type-hinted parameters can be passed by reference.
  • Type-hinted parameters can default to NULL.
  • The class named in a type hint does not have to be defined when the function definition is parsed.
  • Objects need not be of the same class to satisfy a type hint.
  • Type hints can be PHP scalar types.
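Added example (not from the original post) exercising the points in the list: scalar hints under strict_types, an interface hint that any implementation satisfies, a hinted parameter defaulting to NULL, a hinted by-reference parameter, and the TypeError raised when a call passes the wrong type. Assumes PHP 7.4 or later; the Logger interface and the failed-login counter are illustrative.

```php
<?php
declare(strict_types=1);   // scalar hints are enforced exactly; "2" is not coerced to 2

// Added example, not from the original post.
interface Logger
{
    public function log(string $line): void;
}

// Any Logger implementation satisfies a Logger hint: objects need not share a class.
final class MemoryLogger implements Logger
{
    private array $lines = [];

    public function log(string $line): void
    {
        $this->lines[] = $line;
    }

    public function lines(): array
    {
        return $this->lines;
    }
}

// string and int are scalar hints; ?Logger is an interface hint defaulting to
// NULL; array &$counters is a hinted parameter passed by reference.
function recordFailedLogin(string $user, int $attempts, ?Logger $logger = null, array &$counters = []): int
{
    $counters[$user] = ($counters[$user] ?? 0) + $attempts;
    if ($logger !== null) {
        $logger->log("failed login user={$user} total={$counters[$user]}");
    }
    return $counters[$user];
}

$counters = [];
$log = new MemoryLogger();
recordFailedLogin('alice', 1, $log, $counters);
recordFailedLogin('alice', 2, $log, $counters);
print_r($counters);          // the by-reference parameter accumulated both calls
print_r($log->lines());

// Omitting the optional logger is fine: it defaults to NULL.
recordFailedLogin('bob', 1);

// A wrong argument type is a TypeError at call time, not a silent conversion.
try {
    recordFailedLogin('alice', '2', $log, $counters);
} catch (TypeError $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

Without declare(strict_types=1) the string '2' would be coerced to the integer 2 and the last call would succeed; for code that counts security events, failing loudly on a type mismatch is the behaviour you want.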

SplFixedArray

The SplFixedArray class provides the main functionality of an array. The main differences between a SplFixedArray and a normal PHP array are that a SplFixedArray has a fixed length and accepts only integers within its range as indexes. The advantage is that it allows a faster array implementation.
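Added example (not from the original post) using a SplFixedArray as a fixed-size ring of the most recent events, showing the bounds the class enforces: an out-of-range index throws a RuntimeException rather than growing the array, and the size changes only through an explicit setSize() call. The event strings are constructed for the demo.

```php
<?php
declare(strict_types=1);

// Added example, not from the original post.
$capacity = 4;
$recent = new SplFixedArray($capacity);

// Keep only the latest $capacity entries; the modulo keeps the index in range.
function record(SplFixedArray $ring, int &$next, string $event): void
{
    $ring[$next % $ring->getSize()] = $event;
    $next++;
}

$next = 0;
foreach (['login ok', 'login fail', 'login fail', 'lockout', 'login ok'] as $event) {
    record($recent, $next, $event);
}
// Plain-array copy of the ring; slot 0 now holds the fifth event.
print_r($recent->toArray());

// Indexes outside 0..size-1 are rejected instead of silently growing the array.
try {
    $recent[$capacity] = 'overflow';
} catch (RuntimeException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}

// Unset slots read back as NULL; the size can still be changed explicitly.
$recent->setSize($capacity + 2);
var_dump($recent[$capacity]);
echo $recent->getSize(), "\n";
```

A normal PHP array would have accepted the out-of-range write and grown, so the fixed bound is the property to rely on when a buffer must never exceed a chosen size.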