I am evaluating a way to secure PHP pages. I wonder if someone can provide me with code to spoof by sending a fake referer to $_SESSION['xyz'] in main.php?
Do I have to know the session variable before I can send a spoofed value?
So far I have tried the code below.
<?php
// Target host and page (the Referer is set on the outgoing request below,
// not with header(), which only adds a header to this script's own response).
$host = "domain.com.sg";
$file = "demo.php";
$hdrs = array( 'http' => array(
'method' => "POST",
'header'=> "accept-language: en\r\n" .
"Host: $host\r\n" .
"Referer: http://$host\r\n"
)
);
// Wrap the custom request headers in a stream context and fetch the page.
$context = stream_context_create($hdrs);
$fp = fopen("http://domain.com.sg/dem251.php", 'r', false, $context);
fpassthru($fp);
fclose($fp);
?>
Session values are kept server-side. Unless your PHP has register_globals enabled, the only way a remote user could directly set something in the session is via your code. So if you don't have something like:
$_SESSION['xyz'] = $_GET['xyz'];
anywhere, then it's "safe".
As for the referer itself, that's just an HTTP header, which is COMPLETELY under control of the user. It's best to ignore the referer completely, or at least treat it as you would toxic waste.
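As an added example (not code from the question or the answer above), the unsafe assignment the answer warns about next to a version that only lets an allow-listed value reach the session, and a handler that records the Referer without ever basing a decision on it. The key 'xyz', the allowed values and the log message are assumptions for the example.

```php
<?php
// Added example, not part of the original post: the session only changes
// through code like this, so validate before anything is stored in it.
session_start();

// Values demo.php is willing to keep in $_SESSION['xyz'] (assumed for the example).
const ALLOWED_XYZ = ['en', 'fr', 'de'];

// Unsafe pattern quoted in the answer: any client can set any value.
//   $_SESSION['xyz'] = $_GET['xyz'];

function sessionValueFromRequest(array $get, array $allowed): ?string
{
    // Reject anything that is not a string from the allow-list; the
    // strict flag on in_array() stops "0" or "" matching by loose comparison.
    $candidate = $get['xyz'] ?? null;
    if (!is_string($candidate) || !in_array($candidate, $allowed, true)) {
        return null;
    }
    return $candidate;
}

$value = sessionValueFromRequest($_GET, ALLOWED_XYZ);
if ($value !== null) {
    $_SESSION['xyz'] = $value;
}

// The Referer is whatever the client chose to send, or nothing at all
// (the script in the question sets it freely), so at most log it for
// diagnostics; no authorization or "came from my site" check depends on it.
$referer = $_SERVER['HTTP_REFERER'] ?? '(none)';
error_log('demo.php request, client-supplied Referer: ' . $referer);
```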