PHP lab: PHP double submit problem.
If a user refreshes a page after submitting a form, he may accidentally post the content again resulting in duplicate submission, thus causing undesired results. This is known as double submit problem.
In this lab, we will programmatically understand why this problem occurs and how to fix this.
Learn Secure Coding
Lets begin
The application is accessible from Kali Linux using the following URL.
http://192.168.56.101/webapps/double_submit/1/double_submit.html/
This looks the image below when accessed from a web browser.
Let us enter 1234 as user input and click Place Order to complete the order.
As you can see in the figure below, the order has been placed, and the entry has been added to the database.
Note: Just to understand the problem better, we are displaying the time from the server.
Now, let us click the refresh button and see what happens.
As we can see in the above figure, the request is ready to be sent again. If we click Resend, the form data (order) will be resubmitted resulting in a duplicate order.
We can check it by clicking Resend button.
If we compare the time in both the screenshots, they are different, and that confirms that the form has been resubmitted.
The following is an image of the same problem.
Lets check our code to see what's happening behind the scenes.
double_submit.html
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<form action="process.php" method="post">
<h1>Submit your credit card details</h1>
<label for="Credit_Card">Credit Card number</label>
<input type="text" name="credit_card"/>
<br /><br />
<input type="submit" value="Place Order"/>
</form>
</body>
</html>
As we can see in the excerpt above, the double_submit.html page sends user entered data to process.php as a post request.
Now, let us see what process.php does with the data received.
process.php
<?php
$cardnumber = $_POST['credit_card'];
$db_file = dirname(__FILE__) . '/db.txt';
file_put_contents($db_file, 'cardnumber '.$cardnumber . ' time '.date('H:i:s'));
$data = file_get_contents($db_file);
?>
<!DOCTYPE html>
<html>
<head>
<title> Submitted Sucessfully </title>
</head>
<body>
<H1> Submitted Successfully</H1>
<h2>Data written into the database: <?php echo $data ?></h2>
</body>
</html>
process.php is taking the user entered data and it is saving it to a file named db.txt on the server and then it sends 200 OK response to the client. If this process.php page is refreshed, it resubmits the post data it was holding from the previous request.
How to avoid this?
This is a well-known problem and the PRG (POST/REDIRECT/GET) Pattern is used to avoid this. It basically instructs our process.php page to issue a redirect another page instead of sending 200 OK response to the client.
Let us see how we can achieve this.
process.php
<?php
$cardnumber = $_POST['credit_card'];
$db_file = dirname(__FILE__) . '/db.txt';
file_put_contents($db_file, 'cardnumber '.$cardnumber . ' time '.date('H:i:s'));
header('HTTP/1.1 301 Moved Permanently');
header('Location: success.php');
die();
?>
As you can see in the excerpt above, process.php is redirecting the user to success.php after inserting the data.
success.php
<?php
$db_file = dirname(__FILE__) . '/db.txt';
$data = file_get_contents($db_file);
?>
<!DOCTYPE html>
<html>
<head>
<title> Submitted Sucessfully </title>
</head>
<body>
<H1> Submitted Successfully</H1>
<h2>Data written into the database: <?php echo $data ?></h2>
</body>
</html>
success.php will read the contents from the back end and displays them over a GET request.
Let us verify this using the updated code.
The modified application can be accessed from the following URL.
http://192.168.56.101/webapps/double_submit/2/double_submit.html/
Enter the credit card number and click Place Order.
As you can see in the figure above, the order is placed. Now, even if we refresh the page, we will not see any duplicate insertion because we are on success.php and it only makes a GET request to fetch and display data from the backend storage.
Learn Secure Coding
Image Credits
https://upload.wikimedia.org/wikipedia/commons/f/f3/PostRedirectGet_DoubleSubmitProblem.png
Learn Secure Coding
Get hands-on experience with common coding mistakes, how they can be exploited and possible mitigations. Learn secure coding in:- Android and iOS
- C/C++, Java, .NET and PHP
- And more
In this Series
- PHP lab: PHP double submit problem.
- Enhancing code security: Tools and techniques for safeguarding your code
- DevSecOps Tools of the trade
- Software dependencies: The silent killer behind the world's biggest attacks
- Software composition analysis and how it can protect your supply chain
- Only 20% of new developers receive secure coding training, says report
- Introduction to Secure Software Development Life Cycle
- How to control the flow of a program in x86 assembly
- Mitigating MFA bypass attacks: 5 tips for developers
- How to diagnose and locate segmentation faults in x86 assembly
- How to use the ObjDump tool with x86
- Debugging your first x86 program
- How to build a program and execute an application entirely built in x86 assembly
- Overview of common x86 instructions
- x86 basics: Data representation, memory and information storage
- What is x86 assembly?
- Introduction to x86 assembly and syntax
- Introduction to variables
- How to mitigate Race Conditions vulnerabilities
- How to avoid Cryptography errors
- Cryptography errors Exploitation Case Study
- How to exploit Cryptography errors in applications
- How to exploit race conditions
- Email-based attacks with Python: Phishing, email bombing and more
- Attacking Web Applications With Python: Recommended Tools
- Attacking Web Applications With Python: Exploiting Web Forms and Requests
- Attacking Web Applications With Python: Web Scraper Python
- Python for Network Penetration Testing: Best Practices and Evasion Techniques
- Python for network penetration testing: Hacking Windows domain controllers with impacket Python tools
- Python Language Basics: Variables, Lists, Loops, Functions and Conditionals
- How to Mitigate Poor HTTP Usage Vulnerabilities
- How to Exploit Poor HTTP Usage
- Introduction to HTTP (What Makes HTTP Vulnerabilities Possible)
- How to Mitigate Integer Overflow and Underflow Vulnerabilities
- How to exploit integer overflow and underflow
- Introduction to Parallel Processing
- What are Race Conditions?
- How Are Credentials Used In Applications?
- How To Exploit Least Privilege Vulnerabilities
- XSS Vulnerabilities Exploitation Case Study
- What is is integer overflow and underflow?
- SQL Injection Vulnerabilities Exploitation Case Study
- How to exploit improper error handling
- Improper Error Handling Exploitation Case Study
- Why Improper Error Handling Happens
- How to exploit CSRF Vulnerabilities
- How to mitigate CSRF Vulnerabilities
- What Causes Command Injection Vulnerabilities? (How are Data and Code Handled in Execution Environments)
- Command Injection Vulnerabilities
- Command Injection Vulnerabilities Exploitation Case Study
- How to mitigate Command Injection Vulnerabilities
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Secure coding