This is a short list of bugs that can compromise PHP/Laravel website security. Some are well known and easy to exploit. Others need stars to align for things to happen.
1. SQL injection
Probably the best known vulnerability. Basically, it allows an attacker to inject his own SQL into your query. If you have code like this:
$post_id = $_POST['post_id'];
$sql = "DELETE FROM posts WHERE user_id = 1 AND id = $post_id";
\DB::statement($sql);
If somebody enters this into the form field: 1 OR 1, the SQL query will look like this:
$sql = "DELETE FROM posts WHERE user_id = 1 AND id = 1 OR 1";
Because AND binds tighter than OR, the condition is now true for every row. Basically what you are saying now is: please delete all posts for all users.
2. XSS (cross site scripting)
Imagine a page like Google, where users can enter a search query. On the result page you show what they were searching for:
<?php echo 'You searched for: ' . $_GET['search_query']; ?>
If an attacker enters something like this:
What an attacker can do with that is steal cookies, redirect users to another website, or steal passwords. What, your password was 123456?
3. CSRF (cross site request forgery)
For example, you have a link on your website where a user can delete his account.
<a href="http://your-website.com/delete-account">delete account</a>
Guess what will happen if an attacker posts a comment on your website that looks like this:
<img src="http://your-website.com/delete-account"> lol :D
Users who look at this comment will get their accounts deleted. Let's go on a commenting spree!
This attack type tries to make you click where you didn't want to. For example, by placing an invisible Facebook like button on top of another button.
You liked this example too?
5. File upload to public_html
This attack allows an attacker to upload a .php or other executable file into your public_html folder.
Imagine you have an image upload on your website and you are not validating what file is uploaded. I see a file upload storm coming…
6. ZIP bomb
Some websites allow uploading files in a .zip archive. After that they extract the .zip archive and do something with those files. But there is a catch.
It is possible to make a .zip archive that takes just 42 KB and, when extracted, takes 4718592 GB of space. Think of this file as a nuclear bomb.
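Here is an added example, not code from the original post, of how an upload handler can refuse such an archive before it fills the disk: it checks the sizes the ZIP headers declare, rejects nested archives, then extracts entry by entry through a stream while counting real bytes, so a forged header cannot bypass the limit either. It assumes PHP 8 with the zip extension; the 100 MB total and 100:1 ratio limits are placeholder values.

```php
<?php
// Added example (not from the original post). Limits are assumed values:
// at most $maxTotalBytes written to disk, compression ratio at most $maxRatio.
function safeExtract(string $zipPath, string $destDir,
                     int $maxTotalBytes = 100 * 1024 * 1024, int $maxRatio = 100): bool
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) { return false; }   // not a readable ZIP
    $declared = $compressed = 0;
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $e = $zip->statIndex($i);
        // Nested archives are how the classic 42 KB bomb hides its real size, and
        // entry names are attacker controlled: refuse both before touching the disk.
        if ($e === false || preg_match('/\.zip$/i', $e['name']) || str_contains($e['name'], '..')) {
            $zip->close(); return false;
        }
        $declared   += $e['size'];            // uncompressed size from the header
        $compressed += $e['comp_size'];
    }
    // Cheap first filter: declared total too large, or an absurd compression ratio.
    if ($declared > $maxTotalBytes || ($compressed > 0 && $declared / $compressed > $maxRatio)) {
        $zip->close(); return false;
    }
    // Headers can be forged, so the real limit is enforced on bytes actually written.
    $written = 0;
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        $path = $destDir . '/' . $name;
        if (substr($name, -1) === '/') {      // directory entry
            @mkdir($path, 0750, true);
            continue;
        }
        @mkdir(dirname($path), 0750, true);
        $in = $zip->getStream($name); $out = fopen($path, 'wb');
        if (!$in || !$out) { $zip->close(); return false; }
        while (($chunk = fread($in, 65536)) !== false && $chunk !== '') {
            $written += strlen($chunk);
            if ($written > $maxTotalBytes) {  // the header lied: abort before the disk fills
                fclose($in); fclose($out); $zip->close();
                return false;
            }
            fwrite($out, $chunk);
        }
        fclose($in); fclose($out);
    }
    $zip->close();
    return true;
}
```

A rejected upload may leave partially written files in $destDir, so extract into a fresh temporary directory and delete it when the function returns false.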
It is an easy-to-use function to get the content of a file:
But if you let the attacker enter what he wants, he can enter a file name from your server, for example:
echo file_get_contents('.env');
OR
echo file_get_contents('secret-code.php');
This function will read the file from your server and display its content to the attacker.
This vulnerability is hard to find, like a Pikachu in Pokémon.
8. Double form submission
A user can double-click the form submit button and your PHP script will be executed twice. Sometimes this can result in nasty bugs.
The best way to win a war on vulnerabilities is knowing them by their face.
Is your website protected from all of them? If yes, post its URL and somebody will check that :)