|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| ||||||||||||||||||||||||||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Codewalkers Forums Sponsor:
|
|
|
|
#1
January 31st, 2005, 05:43 PM
|
|||
|
|||
|
php security question
I've been coding in various languages for a few years and have recently begun dealing with networks and other things, so I am taking a Network Security class at my local community college. Today in class, someone says that they "found this thing where this guy wrote this C code that if you went to his site would either change your Administator password or add a new account with a given password and so he could take over your system, all just by viewing the website". When I inquired as to how this was possible, I was surprised that my teacher and a few felow classmates responded by saying this was a common and very easy to perform type practice and could be done with any programming language including PHP and Perl.
Again, I questioned them, saying that such an allowance would virtually render the internet useless, being that anyone could take over anyone's system by means of a simple website, and that you werent allowed to write to files on the client's computer without Active X or some t ype of securtiy certificate etc, and they assured me you could, so I went home and have been trying to come up with PHP to do this for the last little while to no avail. So my question is, is this possible or is my teacher crazy like I think he is! What am I missing?? Please help me sort this out 
|
|
#2
January 31st, 2005, 06:12 PM
|
|||
|
|||
|
RE: php security question
unless they're referring to recent JPEG thing, they're crazy. i mean there's a lot of things you can do just by visiting a webpage, but certainly not setup an admin account with remote access on any visitors system.
|
|
#3
January 31st, 2005, 06:17 PM
|
|||
|
|||
|
RE: php security question
I don't see why you want to do it anyway. Hacking for a legitimate reason is fine, but that is plain evil and shouldn't be encouraged by the teacher to be honest.
|
|
#4
January 31st, 2005, 06:20 PM
|
|||
|
|||
|
RE: php security question
I dont want to do it, and he wasnt encouraging it, he just said it was possible, and that's all I wondered, as if it could be done, not how and show me
|
|
#6
February 1st, 2005, 07:53 PM
|
|||
|
|||
|
RE: php security question
Ok. I agree tho with Notepad, its just not possible with PHP. It does not have the information to do that, unless it is just getting the ip address of the client and then another program is doing the actual hacking.
|
|
#7
February 1st, 2005, 11:07 PM
|
||||
|
||||
|
RE: php security question
I personally don't know but have you tried asking the PHP general mailing list? I know as a fact that many of the regular contributors deal with many security issues for their companies sites. I doubt if they will tell you how to do it but they should tell you if it at all possible.
|
|
| Viewing: Codewalkers Forums > Other Technologies > Programming Theory > php security question |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
|
|
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
