Guest User

Untitled

a guest
Mar 13th, 2020
53
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. //Change these based on what user ids your registered users have.
  3. $user_1_id = 1;
  4. $user_2_id = 2;
  5.  
  6. /**
  7.  * When we create an user, let's assume we attach a secret access key to his user ID, under the meta_key 'access_key'.
  8.  *
  9.  * We ask the user for this key every time he wants to do something.
  10.  */
  11. update_user_meta( $user_1_id, 'access_key', 'eiZurewj$ez24pP' );
  12. update_user_meta( $user_2_id, 'access_key', 'xcrpsokfoipu35oE' );
  13.  
  14. /**
  15.  * This is the key that he provides us.
  16.  */
  17. $secret_key_from_frontend = 'eiZurewj$ez24pP';
  18.  
  19. $all_users_ids = get_users([
  20.     'fields' => 'id',
  21.     'meta_key' => 'access_key',
  22.     'meta_compare' => '=',
  23.     'meta_value' => $secret_key_from_frontend
  24. ]);
  25.  
  26. /**
  27.  * We loop through a supposedly safe & accurate list of users that match both the meta_key/value pair.
  28.  * It should be only give us '1'.
  29.  */
  30. echo "User ids that correspond to the correct secret key:";
  31. //Should only return 1.
  32. foreach( $all_users_ids as $user_id ) {
  33.     echo $user_id;
  34.     echo " ";
  35.  
  36.     //Do some sensitive stuff with this, since we "know" the user has the secret key for a specific user id.
  37. }
  38.  
  39. echo "<br>";
  40.  
  41. /**
  42.  * So, let's go ahead and mess with it by making the meta_value empty.
  43.  */
  44.  
  45. $evil_key = '';
  46.  
  47. $evil_user_ids = get_users([
  48.     'fields' => 'id',
  49.     'meta_key' => 'access_key',
  50.     'meta_compare' => '=',
  51.     'meta_value' => $evil_key
  52. ]);
  53.  
  54. echo "User ids that correspond to the evil, empty-space key:";
  55. //Returns 1,2...
  56. foreach( $evil_user_ids as $evil_user_id ) {
  57.     echo $evil_user_id;
  58.     echo " ";
  59.  
  60.     //Do some sensitive stuff with this, only this time, we got tricked, we're doing the same operation for all users.
  61. }
  62.  
  63.  
  64. echo "However, let us see what happens when False is provided for the meta value.";
  65. $proper_user_ids = get_users([
  66.     'fields' => 'id',
  67.     'meta_key' => 'access_key',
  68.     'meta_compare' => '=',
  69.     'meta_value' => False
  70. ]);
  71.  
  72. echo "User ids that correspond to the evil, empty-space key:";
  73. //Returns nothing.
  74. foreach( $proper_user_ids as $proper_user_id ) {
  75.     echo $proper_user_id;
  76.     echo " ";
  77.  
  78.     //Do some sensitive stuff with this, only this time, we got tricked, we're doing the same operation for all users.
  79. }
  80.  
  81. echo "Well, nothing, as it should, but, we are expecting that '' would achieve the same thing.";
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×