I developed a bulletin board from scratch using CodeIgniter, PHP and PDO for MySQL. Now I am cleaning up and testing for security defects / flaws. I came across a small flaw that I cannot come to a firm decision about. Users can flood my database with random comments that aren't even related to forum posts. To better describe this problem, let me briefly explain my system.
When you log in to view the message, the message object along with any related comments (through post_id) is retrieved from the database. You can read the message and leave a comment. The comment form at the bottom has a hidden field named pid, which stores the identifier of the current record that we are viewing, so I can keep the state when you click the submit button. However, there is a pitfall. The hidden field can be changed to any integer value before sending, as you might guess.
The URL scheme looks something like this when you view the message:
http://www.domain.com/forum/post/22
And after clicking submit, you will be redirected to a URL that looks like this:
http://www.domain.com/forum/create_comment
... where the comment information will be inserted into the database along with the associated user ID and message.
I tried checking the referrer URL, but the case is similar. I came up with several solutions, but I don't know if there is a better idea: running JavaScript, storing pid in a session, and / or collecting the information from a hidden field.
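The usual fix for the situation described above is to treat the hidden pid field as untrusted input and validate it server-side in create_comment, rather than trying to protect the field itself. The following is an added example, not code from the original post; it uses plain PDO rather than CodeIgniter's query builder, and the table and column names (posts, comments, id, is_locked, post_id, user_id, body) are assumptions.

```php
<?php
// Added example: validate the client-supplied pid before inserting a comment.
// Table/column names are assumed; adapt them to the real schema.

function create_comment(PDO $db, array $form, int $user_id): array
{
    // The hidden field is client-controlled, so re-check it on every request.
    $pid  = filter_var($form['pid'] ?? null, FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1]]);
    $body = trim((string)($form['body'] ?? ''));
    if ($pid === false || $body === '') {
        return ['status' => 400, 'error' => 'invalid input'];
    }

    // Authoritative check: the post must exist and must accept comments.
    $stmt = $db->prepare('SELECT id, is_locked FROM posts WHERE id = ?');
    $stmt->execute([$pid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        // A browser that rendered the form cannot produce a nonexistent id,
        // so this is worth logging as a tampering attempt.
        error_log("comment rejected: user $user_id referenced missing post $pid");
        return ['status' => 404, 'error' => 'no such post'];
    }
    if ((int)$row['is_locked'] === 1) {
        return ['status' => 403, 'error' => 'post is locked'];
    }

    // Prepared statement: pid is bound, never interpolated into SQL.
    $ins = $db->prepare(
        'INSERT INTO comments (post_id, user_id, body) VALUES (?, ?, ?)'
    );
    $ins->execute([$pid, $user_id, $body]);
    return ['status' => 201, 'comment_id' => (int)$db->lastInsertId()];
}

// Defence in depth (assumed schema): a foreign key makes the database itself
// refuse a comment whose post_id matches no post, even if a code path skips
// the check above.
//   ALTER TABLE comments
//     ADD CONSTRAINT fk_comments_post
//     FOREIGN KEY (post_id) REFERENCES posts(id);
```

Storing pid in the session only moves the problem (the session still has to be checked against the database); the existence check plus the foreign key is what actually prevents orphaned comments.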