May 29

URL Manipulation

One of the ways in which hackers attempt to gain access to restricted areas of a website is URL manipulation (the underlying flaw is often called an insecure direct object reference). For example, a simple PHP script that shows the record with ID 7 from a database might use a URL ending in showrecord.php?id=7. It is trivial for a hacker to change this to showrecord.php?id=8 and, if the script does nothing more than look the ID up, read a record that belongs to somebody else.

To defend against this problem, you should take steps in two areas:

    • Check the owner of every record before displaying it. This means storing the owner's user ID (UID) in every record and comparing it to the ID of the currently logged-in user, taken from the server-side session and never from the request, before returning any data. Treat a record the user does not own exactly like a record that does not exist, so the response does not reveal which IDs are valid.


    • Use POST rather than GET to send form data (i.e. <form action="action.php" method="post">). This keeps the record ID out of the URL, so it does not end up in browser history, bookmarks, Referer headers or server logs, and casual users cannot edit it in the address bar. It does not, however, prevent manipulation: the data is sent in the request body, which is just as much under the attacker's control as the query string, and a browser's developer tools or an intercepting proxy can change a POSTed id from 7 to 8 as easily as a URL. Treat POST as a tidiness measure and rely on the ownership check above for security.
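The following is an added example, not code from the original post: the showrecord.php lookup written twice, once as the vulnerable version that trusts the id parameter, and once with the ownership check from the first bullet. It uses an in-memory SQLite database through PDO so it runs stand-alone (it assumes the pdo_sqlite extension is installed); the table and column names (records, id, owner_uid, body), the sample rows and the idea that the current user's ID comes from $_SESSION['uid'] are all assumptions for illustration. The hardened function takes the raw id as a string so the same check applies whether it arrived via $_GET or $_POST.

```php
<?php
// Added example (not the original post's code). Assumed schema:
// records(id INTEGER, owner_uid INTEGER, body TEXT). Requires pdo_sqlite.
declare(strict_types=1);

function build_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE records (id INTEGER PRIMARY KEY, owner_uid INTEGER NOT NULL, body TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO records (id, owner_uid, body) VALUES (?, ?, ?)');
    // Constructed sample data: record 7 belongs to user 42, record 8 to user 99.
    $ins->execute([7, 42, 'invoice for user 42']);
    $ins->execute([8, 99, 'invoice for user 99']);
    return $db;
}

// Vulnerable: looks the record up by the id from the request and never
// asks who owns it, so ?id=8 returns another user's data.
function show_record_vulnerable(PDO $db, string $rawId): ?string {
    $stmt = $db->prepare('SELECT body FROM records WHERE id = ?');
    $stmt->execute([$rawId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['body'] : null;
}

// Hardened: validates the id, then binds the logged-in user's UID into the
// WHERE clause so a record that user does not own is simply not found.
function show_record(PDO $db, string $rawId, int $currentUid): ?string {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // not a positive integer: reject before touching the database
    }
    $stmt = $db->prepare('SELECT body FROM records WHERE id = ? AND owner_uid = ?');
    $stmt->execute([$id, $currentUid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Same "not found" answer for a missing record and for someone else's record.
    return $row ? $row['body'] : null;
}

$db = build_db();
// In the real script this would be $_SESSION['uid'], set at login; it is never
// read from the request. Here the logged-in user is assumed to be 42.
$currentUid = 42;

// Simulated values of $_GET['id'] (or $_POST['id']): the legitimate ?id=7,
// the manipulated ?id=8, and a malformed value.
foreach (['7', '8', 'abc'] as $requested) {
    $vuln = show_record_vulnerable($db, $requested) ?? '(not found)';
    $safe = show_record($db, $requested, $currentUid) ?? '(not found)';
    printf("id=%-4s vulnerable: %-20s hardened: %s\n", $requested, $vuln, $safe);
}
```

Run with php showrecord_demo.php: id=7 is returned by both versions, but id=8 is returned only by the vulnerable one, because the hardened query includes owner_uid = 42 and the record belongs to user 99. Note that the check is done in the query itself rather than by fetching the row first and comparing in PHP; that way there is no code path that has the foreign record in memory and accidentally displays it.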