Posts: 293
Threads: 20
Joined: Jan 2017
Hello,
I've just found an HTTP vulnerability in my server UCP: anyone can use a POST method (form) and inject the code with it, so he will be able to ban or kick anyone in the server. If anyone knows how to block this injection method, please help. I'm not experienced with web security at all.
Posts: 2,203
Threads: 154
Joined: Oct 2009
Reputation: 0
If you are not experienced, you should read as much as you can and understand how it works. The fact that you found it in your UCP proves that you are on the right track. Personally, I would suggest using some framework, since they provide protection against most attacks and sanitize a lot of things even before you access them.
Also, believe it or not, Wikipedia is your best friend, since it will list and describe possible known attacks; from there you will know what to look for, meaning you will find how they work and how to implement protection.
Posts: 293
Threads: 20
Joined: Jan 2017
Trying to solve it 3 hours ago ... and still.
Posts: 293
Threads: 20
Joined: Jan 2017
Solved, using an "if" statement before the $_POST code + a sanitize function to avoid XSS injections / bad requests.
EDIT: Posted it here because the forums are dedicated to Pawn language, not PHP, and I'm too lazy to create a new Stack Exchange account.
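
The kind of check the last post describes, as an added example (not the poster's code): the "if" before the `$_POST` handling has to test server-side session state and a CSRF token, not just that a form was submitted, and the sanitizing step is input validation plus escaping on output. The function name, session keys, form field names and the player-name pattern are all assumptions made for this sketch.

```php
<?php
declare(strict_types=1);

// Hypothetical UCP handler for ban/kick. Session keys, field names and the
// return shape are assumptions for this example.
const ALLOWED_ACTIONS = ['ban', 'kick'];

function handle_admin_action(string $method, array $session, array $post): array
{
    // 1. Only the form's own method is accepted.
    if ($method !== 'POST') {
        return [405, 'Method not allowed'];
    }
    // 2. Authorization comes from server-side session state,
    //    never from a field the client sent with the form.
    if (empty($session['user_id']) || ($session['is_admin'] ?? false) !== true) {
        return [403, 'Forbidden'];
    }
    // 3. CSRF token: constant-time compare against the session's copy.
    $sent  = $post['csrf_token'] ?? '';
    $known = $session['csrf_token'] ?? '';
    if (!is_string($sent) || !is_string($known) || $known === ''
        || !hash_equals($known, $sent)) {
        return [403, 'Bad CSRF token'];
    }
    // 4. Validate input: allow-listed action, strictly patterned name
    //    (the name format here is an assumed one).
    $action = $post['action'] ?? '';
    $player = $post['player'] ?? '';
    if (!in_array($action, ALLOWED_ACTIONS, true)
        || !is_string($player)
        || preg_match('/^[A-Za-z0-9_]{3,24}$/', $player) !== 1) {
        return [400, 'Invalid request'];
    }
    // ... perform the ban/kick here, with prepared statements for any SQL ...

    // 5. Escape on output so the name cannot inject markup (XSS).
    $safe = htmlspecialchars($player, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return [200, "Applied {$action} to {$safe}"];
}

// Constructed demo input: a logged-in non-admin submitting the form.
$session = ['user_id' => 7, 'is_admin' => false,
            'csrf_token' => bin2hex(random_bytes(16))];
$post = ['action' => 'ban', 'player' => 'Some_Player',
         'csrf_token' => $session['csrf_token']];
[$status, $body] = handle_admin_action('POST', $session, $post);
echo $status, ' ', $body, PHP_EOL;
```

In a real page the three arguments would be `$_SERVER['REQUEST_METHOD']`, `$_SESSION` and `$_POST`; passing them in keeps the checks testable without a web server.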