php - serious bug with random numbers -



php - serious bug with random numbers -

i create way reproduce bug having. when 2 or more users phone call page @ same sec modsecurity generates same sequence of random numbers (using rand() function php) both users.

here demonstration of bug:

http://quemfazsite.com.br/em_criacao/modelo9/teste.php

opening page, 2 iframes load , each 1 should generating random numbers independetly of each other both frames generating same sequence of random numbers! simple source code can seen below. if dont see same sequence inquire reload page few times till same number sequence.

edit: bug happens modsecurity active. if comment "loadmodule" line loads modsecurity bug wont happen!

<?php if (isset($_get["test"])) { $output= ""; ($i=0;$i<10;$i++) { $output.= rand(0,99999999) . "<br />"; } echo $output; exit(); } ?> <iframe src="put_the_same_name_of_this_file_here.php?test&953487"></iframe> <iframe src="put_the_same_name_of_this_file_here.php?test&234322"></iframe>

rand not designed produce random numbers. purpose produce pseudorandom numbers distributed uniformly between given endpoints. if create histogram of numbers you've generated, you'll see indeed uniformly distributed.

the algorithm generates these numbers exclusively deterministic. if provide same seed (usually based on current time, in example) you'll same sequence of numbers. feature, not bug: allows exploit statistical properties of distribution while beingness able reproduce results afterwards reusing seed.

if need random numbers unpredictable, should using cryptographic rng.

if want robustly avoid clashes (caused colliding time-derived seeds), you'll have check against sort of cross-session storage ensure uniqueness (e.g. file or database). if application requires numbers unique, should doing anyway.

php apache

Comments

Post a Comment

Popular posts from this blog

Delphi change the assembly code of a running process -

Delphi change the assembly code of a running process - i'm trying alter address 00741fa5 has push test.009e721c . alter push test.009e71c8 . procedure callback; asm force $9e71c8 end; procedure tform2.btn1click(sender: tobject); var ppid :dword; pprocess : cardinal; begin getwindowthreadprocessid(findwindow(nil,pchar('test')), @ppid); pprocess := openprocess(process_all_access, false, ppid); injectasm(pprocess, $741fa5, 10, integer(@callback), 0); end; here injectasm function (with error checking) function injectasm(process: longword; injectaddress, injectsize, codeaddress, codesize : integer): pointer; var csize, rsize : integer; replaced : array of byte; jmp : array [0..4] of byte; jmpaddress : integer; nopv : byte; : integer; nbr: ulong_ptr; begin //injectsize must equal or greater 5, because need space our //(far) jmp wwxxyyzz instruction //if there's no space, inject in place of few instructions if injectsize ...
Read more

json - Hibernate and Jackson (java.lang.IllegalStateException: Cannot call sendError() after the response has been committed) -

json - Hibernate and Jackson (java.lang.IllegalStateException: Cannot call sendError() after the response has been committed) - hello have problem hibernate , jackson. have 2 pojos @entity @table(name = "users") public class user implements serializable { static final long serialversionuid = 4235637833262722256l; @id @generatedvalue private int id; @column(name = "creation_date") private date creationdate; @column(name = "first_name") private string firstname; @column(name = "last_name") private string lastname; @version @column(name = "version") private int version; @column(name = "e_mail") private string email; @column(name = "enabled") private boolean enabled; @column(name = "login") private string login; @column(name = "password") private string password; @jsonmanagedreference("role") @onetomany(mappedby = "user", cascade = cascadetype.all,fetch = fetchtyp...
Read more

C++ 11 "class" keyword -

C++ 11 "class" keyword - i've started using c++ 11 little bit more , have few questions on special uses of class keyword. know it's used declare class, there's 2 instances have seen don't understand: method<class t>(); and class class_name *var; why precede typename keyword class in first example, , keyword pointer in sec example? that known elaborated type specifier , necessary when class name "shadowed" or "hidden" , need explicit. class t { }; // love of god don't t t; t t2; if compiler smart, give these warnings: main.cpp:15:5: error: must utilize 'class' tag refer type 't' in scope t t2; ^ class main.cpp:14:7: note: class 't' hidden non-type declaration of 't' here t t; ^ if class not defined, deed forwards declaration. for example: template <typename t> void method() { using type = typename t::value_type; } method...
Read more