modern-web-design-and-development

    // ... a user check that precedes this fragment; on success:
        $authenticated = true;
    }
    if ($authenticated) {
        // do something only admins are allowed to do
    }
If this is checkuser.php and register_globals is on, then an attacker could
call it in the browser as http://example.com/checkuser.php?authenticated=true
and bypass the whole user check: $_GET['authenticated'] is automatically
turned into the variable $authenticated, and because $authenticated is never
initialised to false, the forged value survives into the if statement.
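The bypass and its fix side by side, as an added example that is not from the book. register_globals (removed in PHP 5.4) is simulated here with extract() so the behaviour can be seen on a current interpreter; check_credentials() and the sample credentials are hypothetical stand-ins for the real user check that the book's listing omits.

```php
<?php
// Added example: how an uninitialised flag plus register_globals allows a bypass,
// and the hardened form. Not the book's code.

// Hypothetical stand-in for the real user check (a session or database lookup).
function check_credentials(array $request): bool
{
    return isset($request['user'], $request['pass'])
        && $request['user'] === 'admin'
        && $request['pass'] === 'correct-horse';   // constructed sample credential
}

// Vulnerable pattern from the text. extract() stands in for register_globals=On:
// every request parameter becomes a local variable, so ?authenticated=true
// creates $authenticated before the real check runs, and the flag is never
// reset to false first.
function is_admin_insecure(array $request): bool
{
    extract($request);                      // never do this with request data
    if (check_credentials($request)) {
        $authenticated = true;
    }
    return !empty($authenticated);          // mirrors if($authenticated)
}

// Hardened form: initialise the flag, and take input only from explicit
// sources ($_GET/$_POST/$request), never from auto-registered globals.
// On old PHP, also set register_globals = Off in php.ini.
function is_admin_secure(array $request): bool
{
    $authenticated = false;
    if (check_credentials($request)) {
        $authenticated = true;
    }
    return $authenticated;
}

// Constructed requests: one forged, one with valid credentials.
$forged = ['authenticated' => 'true'];
$legit  = ['user' => 'admin', 'pass' => 'correct-horse'];

echo "insecure, forged request: ", var_export(is_admin_insecure($forged), true), "\n";
echo "secure,   forged request: ", var_export(is_admin_secure($forged), true), "\n";
echo "secure,   valid login:    ", var_export(is_admin_secure($legit), true), "\n";
```

Run it with php from the command line; the insecure function accepts the forged request because the flag was already set by the request parameter, while the hardened one only accepts the valid login. The same defect reappears in modern code whenever extract($_REQUEST) or a variable-variable is fed from user input, which is why initialising state and reading input explicitly matter even after register_globals is gone.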


Turn Off Error Messages


A lot of servers are set up to show error messages in the browser when a
request goes wrong. These messages often look cryptic, but they are a
great source of information for attackers.


Provoking an error and seeing what the server spits out is one of the first
steps in mapping the folder structure of a server. Strangely enough, error
pages stating “File XYZ could not be found” were one of the first XSS attack
opportunities, because the requested file name was echoed back into the page
without being escaped.
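What the two points in this section look like in code, as an added example that is not from the book: the weak setting (errors displayed) beside the corrected one (errors logged server-side), a handler that replaces PHP's own error output with a generic message, and a "not found" page that escapes the requested name instead of echoing it raw. The log path is a placeholder; the sample request value is constructed.

```php
<?php
// Added example: keep error details out of the browser and escape what the
// 404 page reflects. Not the book's code.

// Weak: details reach the browser.
//   ini_set('display_errors', '1');
// Corrected: same directives as php.ini display_errors / log_errors / error_log.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', '/var/log/php/app.log');   // placeholder path

// Warnings and notices become log entries; nothing about files or paths is printed.
set_error_handler(function (int $errno, string $errstr, string $errfile, int $errline): bool {
    error_log(sprintf('php error %d: %s in %s:%d', $errno, $errstr, $errfile, $errline));
    return true;   // handled: suppresses PHP's default output
});

// Uncaught exceptions: log the detail, show a generic page.
set_exception_handler(function (Throwable $e): void {
    error_log('uncaught ' . get_class($e) . ': ' . $e->getMessage());
    http_response_code(500);
    echo 'Something went wrong. The problem has been logged.';
});

/**
 * Body of a 404 page. The requested name is HTML-escaped, which is the step the
 * old "File XYZ could not be found" pages skipped.
 */
function not_found_body(string $requested): string
{
    $safe = htmlspecialchars($requested, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<p>The page <code>{$safe}</code> could not be found.</p>";
}

// Constructed sample: a request for a name that contains markup.
$requested = $_GET['file'] ?? '<b>sample</b>.html';
http_response_code(404);
echo not_found_body($requested), "\n";

// Trigger a notice to show it goes to the log, not to the page.
$missing = $undefined_variable ?? null;
trigger_error('example notice for the log', E_USER_NOTICE);
```

Running this under the CLI prints only the escaped "not found" line; the notice lands in the configured log. On a production host, set display_errors=Off in php.ini rather than relying on ini_set(), since a parse error in the script itself happens before ini_set() runs.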


Automatically Checking PHP for Security Issues


Uploading PHPSecInfo to a folder on your server is a handy way to perform a
quick audit of your PHP set-up’s security. Opening it in your browser gives
you a detailed checklist of common security weaknesses and how to fix them.


But never leave it on a live server, because it gives attackers a lot of
details about your set-up!