4.4.1 to 4.4.8 base_url php spark closes..

4.4.1 to 4.4.8 base_url php spark closes..

xsPurX
Junior Member
Posts: 27
Threads: 9
Joined: Oct 2023
Reputation: 0

05-09-2024, 06:21 AM

(05-09-2024, 05:36 AM)kenjis Wrote: I forgot to mention that the above code is vulnerable because it does not validate the value of $_SERVER['HTTP_HOST'].
In a production environment, all user input should be validated.

Can you elborate on that? what would be a way to validate it. I thought that comes from the server end. If they change the domain name, it wouldn't load my site it would load a different site? It's not entered anywhere so I don't understand how this would be considered user input?

Messages In This Thread

4.4.1 to 4.4.8 base_url php spark closes.. - by xsPurX - 05-06-2024, 11:31 AM

RE: 4.4.1 to 4.4.8 base_url php spark closes.. - by kenjis - 05-07-2024, 01:50 AM

RE: 4.4.1 to 4.4.8 base_url php spark closes.. - by xsPurX - 05-07-2024, 06:37 AM

RE: 4.4.1 to 4.4.8 base_url php spark closes.. - by kenjis - 05-09-2024, 05:36 AM

RE: 4.4.1 to 4.4.8 base_url php spark closes.. - by xsPurX - 05-09-2024, 06:21 AM

RE: 4.4.1 to 4.4.8 base_url php spark closes.. - by kenjis - 05-09-2024, 04:02 PM

RE: 4.4.1 to 4.4.8 base_url php spark closes.. - by mylastof - 05-11-2024, 05:49 AM