forum thread submit [bugs]

[Faks]

Hi all i am working on forum and i am close to testing stage and right now i am fighting serious bugs with $_GET ...

http://hostings.flush.ws/?section=forumview&id=1 [you can manipulate the values and create unknown threads in unknown forums ]

http://hostings.flush.ws/?section=forumthreadsubmit&id=1 [you can manipulate the values and create unknown threads ]

also can mix both and get like backdoor trojan without admin knowledge

 

		if ($id = ((isset($_GET['id'])) && (ctype_digit($_GET['id'])) ? (int)$_GET['id'] : ''))		
	{
		true;
	}
	else 
	{
		echo $redirect.false;
	}

 

Sow if somebody could show example how to counter attack value changing

 

You can login in web with user help pass help12

address http://hostings.flush.ws/?section=news

[Faks]

bump nobody can help me ?   

[PFMaBiSmAd]

ALL external data ($_POST, $_GET, $_COOKIE, $_FILES, and some $_SERVER/$_ENV values) can be anything anyone wants to submit, cannot be trusted, and must be validated to insure it has an expected value.

 

You must validate that the forum and/or thread exists before you do ANYTHING with the submitted data.

[Faks]

but how   

[kickstart]

Hi

 

Check the passed id against the database to check it is valid. Same for the id of a thread.

 

You should also check that the id is useable by that user. Ie, if a forum area is only available to mods then you do not want anybody being able to manipulate the id to get access to it.

 

All the best

 

Keith

[Faks]

thanks i for good idea and it helped me to resolve the problem