This question already has an answer here:
I am working on an existing website, looking for security issues. Is it safe to say that a PHP script aborts after the browser is redirected away or can a crafty user somehow force the script to continue. Assume "is_logged_in" returns 1 or 0 if the user is currently logged in. Assume there are no vulnerabilities in this function. The code is as follows:
<?
$fp = fopen("./debug.txt", "a");
fwrite("BEFORE LOGIN CHECK
");
if(!is_logged_in()) {
fwrite("Not authed
");
header("Location: $url", TRUE, 302);
}
fwrite("Passed auth check
");
/* Code to do some logged in functionality here */
?>
Using a normal browser with a logged in user I get
BEFORE LOGIN CHECK
Passed auth check
with a not logged in user I get
BEFORE LOGIN CHECK
Not authed
Is it possible to hold the script open (and ignore the redirect), using raw requests so that I get
BEFORE LOGIN CHECK
Not authed
Passed auth check
Essentially go into the if block, get the redirect header, ignore it, and have the script continue executing.
If not I would correct the issue by doing:
if(!is_logged_in()) {
fwrite("Not authed
");
header("Location: $url", TRUE, 302);
die();
}
But I'm not sure if this is even an issue.
</div>
