Top PHP security vulnerabilities/risks

PHP is an open-source, server-side language used for web development. Its name is a recursive acronym for “PHP: Hypertext Preprocessor”.



Some of the main advantages of PHP are:

  • Free: Perhaps the biggest advantage is that it is available for free, and since it is open source, it is regularly updated by programmers all over the globe.
  • Platform Independent: Runs on any OS, Linux, Windows, Mac OS, UNIX, etc.
  • Capable: It is built to design and run high-traffic websites like Facebook and Twitter.

Despite being so popular and having a large community, PHP has some vulnerabilities as well:


Cross-Site Scripting Attacks (XSS)

This is a type of attack to which your PHP script might be prone. Basically, malicious client-side code such as JavaScript, HTML, or CSS is injected into the pages your script produces, through incorrectly validated user data or even an altered hyperlink.

This can be avoided if the developer codes the script properly, validating user data and covering every point where it is written back into the page.


SQL Injection

This is a technique by which a user enters a SQL command as input and has it inserted into an SQL statement.

For example, suppose the “phone number” field of a form is submitted with the value “555-555-5555 or 1=1”. When this input is processed using the query

"SELECT email FROM Users WHERE phone_number = 555-555-5555 or 1=1",

the malicious user can get access to all the emails in the database. Again, as with XSS, this can be avoided by properly validating inputs.


Remote File Inclusion

This is when a malicious file is included deep in your PHP application. The malicious file could cause your application to behave in an undesired manner or could silently leak application data from the database.

To fix this issue we have to change the “php.ini” file, whose location can be found by running

php -i | grep 'php.ini'

on the command line, and check the following flags:

  • allow_url_fopen set to off.
  • allow_url_include set to off.

Session Hijacking

Session hijacking refers to stealing and using another user’s session ID and then browsing on the server while pretending to be that user. By default, the session ID is stored on the client side in a cookie named PHPSESSID. If a user is just browsing a website, session hijacking is usually not such a serious threat, but if the session is being used to authenticate a user login, it can be dangerous.

How can we prevent session hijacking?

  • Change the session ID as often as you can using the PHP function session_regenerate_id().
  • Prevent JavaScript from being given access to the session ID, either through the session.cookie_httponly setting in php.ini or by using the PHP function session_set_cookie_params().
  • The most common way session IDs are stolen is through Cross-Site Scripting (XSS) attacks. By avoiding XSS attacks one can also prevent session hijacking.

Directory Traversal

This is also known as the ../ (dot-dot-slash) attack, the climbing attack, and the backtracking attack. This attack looks for a file that is given public access permissions. The goal of the attack is to get an application to access a file that is not intended to be accessible.

The best way to prevent this attack is to convert file paths to absolute paths and make sure they reference files in allowed directories.
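
The check described above, written out as an added PHP example (not code from the original article). The function name resolveInsideBase and the temporary directory layout are assumptions constructed for illustration; the point to note is the trailing-separator comparison, without which a sibling directory with the same name prefix would pass.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the original article): resolve a
// user-supplied relative path and accept it only if the resolved,
// absolute path stays inside $baseDir.
function resolveInsideBase(string $baseDir, string $userPath): ?string
{
    // Reject NUL bytes outright; they never belong in a file name.
    if (strpos($userPath, "\0") !== false) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null; // base directory itself is missing
    }

    // realpath() collapses "../", "./" and symlinks, and returns false
    // when the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($target === false) {
        return null;
    }

    // Compare against the base plus a trailing separator so that a sibling
    // such as "/srv/files_private" does not pass a check for "/srv/files".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return is_file($target) ? $target : null;
}

// Constructed sample layout in a temporary directory, so the script runs offline.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'trav_demo_' . bin2hex(random_bytes(4));
mkdir("$root/files", 0700, true);
mkdir("$root/files_private", 0700, true);
file_put_contents("$root/files/report.txt", "public\n");
file_put_contents("$root/files_private/secret.txt", "private\n");

$requests = ['report.txt', './report.txt', '../files_private/secret.txt', 'missing.txt'];
foreach ($requests as $request) {
    $resolved = resolveInsideBase("$root/files", $request);
    printf("%-30s %s\n", $request, $resolved === null ? 'rejected' : 'allowed');
}
```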

