PHP header(“location”); vulnerability

Every piece of documentation and every code sample you can find about PHP's header("Location: ..."); function recommends calling die(); or exit(); right after the statement, but I never realized why until a couple of days ago. Most of the time I do use die(); or exit(); after a redirect, but for some reason I forgot to do so in one of my scripts. I learned the hard way why it is important: someone gained partial access to my site's admin area. It turns out you can turn off redirects in your browser, and in that case the rest of the script executes without any problem, because header() only adds a header to the response and does not stop the script. Rookie mistake, I know, but I thought it was worth sharing.
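To make the failure mode concrete, here is an added example (not code from the original post) that puts the vulnerable pattern next to two fixed versions. The file names, the `is_admin` session key and the "admin" output are assumptions chosen for illustration.

```php
<?php
// Added example, not from the original post. Assumed names: /login.php,
// the $_SESSION['is_admin'] flag and the admin-only output below.
session_start();

// VULNERABLE: header('Location: ...') only queues a response header and
// sets a 302 status. It does NOT stop the script, so every line after it
// still runs and its output is sent as the body of the 302 response. A
// client that does not follow redirects simply reads that body.
function vulnerable_admin_page(): void
{
    if (empty($_SESSION['is_admin'])) {
        header('Location: /login.php');
        // <- missing exit; execution falls through to the admin content
    }
    echo "Welcome, admin. Listing all users...\n";
}

// FIXED (1): terminate immediately after emitting the redirect header.
// 303 is used so the browser performs a GET on /login.php even if the
// original request was a POST.
function fixed_admin_page(): void
{
    if (empty($_SESSION['is_admin'])) {
        header('Location: /login.php', true, 303);
        exit;
    }
    echo "Welcome, admin. Listing all users...\n";
}

// FIXED (2): centralise the guard in a helper that never returns on
// failure. A forgotten exit at one call site can no longer reintroduce
// the bug, because the helper owns both the header and the exit.
function require_admin(): void
{
    if (empty($_SESSION['is_admin'])) {
        header('Location: /login.php', true, 303);
        exit;
    }
}

function admin_page_using_guard(): void
{
    require_admin();            // either returns (admin) or ends the request
    echo "Welcome, admin. Listing all users...\n";
}

admin_page_using_guard();
```

A quick self-check for existing code: grep the code base for `header('Location` and confirm that the very next statement is `exit;` or `die();` (or that the call is inside a helper like `require_admin()`); anything else is the pattern described above.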
