9

I am creating an application, that accepts a ajax call (jquery) and returns the validated user an entry token to the website.

Say for example the ajax is called checkAuth.php and there are all the other php files in this directory. By changing the JS to validate another file like checkMail.php for example:

var xmlRequest = $.ajax({
  url: "checkAuth.php",
  processData: false,
  data: xmlDocument
});

change the url to checkMail.php and create a vulnerability in the site? 

var xmlRequest = $.ajax({
  url: "checkMail.php",
  processData: false,
  data: xmlDocument
});

Although the result would return a different object but by doing so would this create an "open door" perhaps where the malicious user would keep sending requests in order to gain access? I understand that the user would have to know that the php file exists however I am unsure how to process this securely whilst maintaining my directory structure. Please note this is not my actual code and I cant clarify the answer with these other posts or I am not understanding this correctly.

Edit: In addition - would this mean that any site using jquery would be able to ajax request any file from the server and create a vulnerability?

How to authenticate an AJAX request to a PHP file?

Question regarding Ajax Hacking

Ajax Security questions

How to send secure AJAX requests with PHP and jQuery

Community
  • 1
  • 1
m33bo
  • 1,334
  • 1
  • 17
  • 34

1 Answers1

0

In general, any AJAX request can access all files which accessible via http request like as user types full URL as the browser address.

So, you have to check security token or something else in the begining of PHP-scripts.

You can restrict access to folders or files using .htaccess, see https://stackoverflow.com/a/11729748/3325396

Community
  • 1
  • 1
Sergej Karavajnij
  • 26
  • 4