drti52047 2018-10-19 18:21
Views: 95

Can the query string login.destroy.session do anything in PHP?

Every time I see someone trying to exploit one of my web apps I like to see what kind of exploit it is just to learn how it works.

In this case I saw someone attempting to use the query string ?q=login.destroy.session&r=0.12365442. I've tried Googling but all I come across are tutorials on how to use sessions to control logins or, logs that show other sites being accessed this way.

Does anyone know what this actually does? Is it framework-specific, or does it work on any PHP version?


1 answer

  • doubi1931 2018-10-19 18:34

    The 'exploit' you're thinking of, necessarily, has nothing to do with the fact it is inserted into the URL.

    There are many ways to 'inject' malicious code into a website. The main ways are through GET and POST parameters, through user input or API endpoints.

    The concept is simple: if the data is derived from the client (i.e., not hard-coded or capable of changing) then it is untrusted.

    This type of attack is simply testing what happens when they put in something your application doesn't expect, to see how it handles it.

    This is the main reason why you never trust data, and if you're paranoid like me, never trust your own data either, even if it is hard-coded. Ensure, before SQL queries, you're stripping any malicious code out of it, whether that be using mysqli::real_escape_string or PDO::Prepare.

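The answer's two points, that every request parameter is untrusted and that SQL must never be built by concatenating it, can be shown in one small handler. The code below is an added example, not code from the question or the answer: it dispatches `?q=` only through an allow-list (so a probe value such as `login.destroy.session` is rejected and logged rather than reaching any code path), ignores the cache-busting `r` parameter, and runs the login lookup through a PDO prepared statement. The action names, the `users` table, the in-memory SQLite database and the sample account are assumptions made for the demo.

```php
<?php
// Added example (not from the question or the answer): treat ?q= and ?r= as untrusted,
// dispatch only on an allow-list of known actions, and query with a prepared statement.
// The action names, the `users` table and the SQLite data are assumptions for the demo.
declare(strict_types=1);

const ALLOWED_ACTIONS = [
    'login'  => 'handleLogin',
    'logout' => 'handleLogout',
];

function dispatch(array $query, PDO $db): array
{
    // is_string() matters: ?q[]=x makes $_GET['q'] an array, which isset() alone would accept.
    $action = $query['q'] ?? '';
    if (!is_string($action) || !isset(ALLOWED_ACTIONS[$action])) {
        // Anything off the allow-list (e.g. "login.destroy.session") is rejected and logged.
        error_log(sprintf('rejected unknown action %s', json_encode($action)));
        return ['status' => 400, 'body' => 'unknown action'];
    }
    // "r" in the probe is just a cache-buster; it is never read, so it is never trusted.
    return ALLOWED_ACTIONS[$action]($query, $db);
}

function handleLogin(array $query, PDO $db): array
{
    $username = $query['user'] ?? '';
    $password = $query['pass'] ?? '';
    if (!is_string($username) || !is_string($password)) {
        return ['status' => 400, 'body' => 'bad parameters'];
    }
    // Unsafe form, shown only as a comment for contrast (input concatenated into SQL):
    //   $db->query("SELECT password_hash FROM users WHERE username = '$username'");
    // Safe form: the value travels as a bound parameter, never as SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return ['status' => 401, 'body' => 'invalid credentials'];
    }
    // Escape on output as well; the username is still client-supplied data.
    return ['status' => 200, 'body' => 'welcome ' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8')];
}

function handleLogout(array $query, PDO $db): array
{
    return ['status' => 200, 'body' => 'logged out'];
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
$ins->execute([':u' => 'alice', ':h' => password_hash('correct horse', PASSWORD_DEFAULT)]);

// 1. The probe from the question: rejected by the allow-list before any handler runs.
var_dump(dispatch(['q' => 'login.destroy.session', 'r' => '0.12365442'], $db)['status']);
// 2. A classic injection string against the login query: bound as a plain value, no match.
var_dump(dispatch(['q' => 'login', 'user' => "' OR '1'='1", 'pass' => 'x'], $db)['status']);
// 3. A legitimate login against the constructed account.
var_dump(dispatch(['q' => 'login', 'user' => 'alice', 'pass' => 'correct horse'], $db)['status']);
```

Run it with `php example.php` (the `pdo_sqlite` extension must be enabled). The allow-list is the part that answers the original question directly: whatever `login.destroy.session` was meant to trigger on some other application, a dispatcher that only maps known strings to handlers has nothing for it to reach, and the rejection log line is the one place you would want to see such probes show up.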
