PHP Development
#1
November 7th, 2012, 12:49 AM
zxcvbnm
Please attack this page, rate the security.

Hello Devshed;

I was wondering if you can help me find security holes in this page I'm making.

I want to make it secure, of course I am not talking bank secure, but reasonably secure!

It checks the database to make sure the email address you are inserting is not already there. So here's a chance to break the database. Also XSS attacks are welcome too.

Please write your feedback so I can work on it more and make it secure enough.

Thank you.

#2
November 7th, 2012, 04:04 AM
Northie
So, I can create a member with garbage inputs; no validation or confirmation required.

This could be automated to generate 1000s of users.

Once logged in I could delete a photo. Your delete action was based on links, so your site fails on XSRF straight away (even when the action is based on POST, some anti-XSRF token is required to prevent this, but when it's on links the attack is soooo much easier).

I couldn't upload an image.
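One way to close the link-based delete that Northie describes, written as an added example for this thread rather than code from the poster or from CodeIgniter. It assumes CodeIgniter 2.x with its built-in CSRF protection switched on, and that the stored photo name only ever contains letters, digits and underscores (the name format, the hidden field name and the view fragment are assumptions).

```php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

// --- application/config/config.php (the one relevant line) ---
// $config['csrf_protection'] = TRUE;
// With this on, CodeIgniter 2.x rejects every POST whose token field does
// not match the csrf cookie before any controller method runs.

// --- application/controllers/gallery.php (delete action only) ---
class Gallery extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->helper(array('form', 'url'));
    }

    // No URI segment any more: /gallery/delete/<name> over GET just sends the
    // visitor back to the gallery, so a plain link or <img src> cannot delete.
    public function delete()
    {
        if ($this->input->server('REQUEST_METHOD') !== 'POST')
        {
            redirect(site_url('gallery'));
        }

        // Whitelist the stored name (assumed format) so the value can never
        // reach unlink() carrying a '/' or '..'.
        $photo = (string) $this->input->post('photo');
        if ( ! preg_match('/^[A-Za-z0-9_]{1,64}$/', $photo))
        {
            show_error('Invalid photo name', 400);
        }

        $this->load->model('load_photos_model');
        if ($this->load_photos_model->delete($photo))
        {
            @unlink('uploads/'.$photo.'.jpg');
        }
        redirect(site_url('gallery'));
    }
}

// --- application/views/gallery_view.php (delete button per photo) ---
// form_open() inserts the hidden csrf token input automatically when
// csrf_protection is on; $photos holds "name,id" strings as in the thread.
?>
<?php if (is_array($photos)): foreach ($photos as $entry): list($name, $id) = explode(',', $entry); ?>
    <?php echo form_open('gallery/delete'); ?>
        <input type="hidden" name="photo" value="<?php echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'); ?>">
        <button type="submit">Delete photo <?php echo (int) $id; ?></button>
    </form>
<?php endforeach; endif; ?>
```

The two halves belong in the two files named in the comments; they are shown together only so the controller and the form that feeds it can be read side by side.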
#3
November 7th, 2012, 04:21 AM
Jacques1
Hi,

it would make more sense to let somebody review the code. A professional penetration test isn't trivial and requires a lot of effort, so I doubt that anybody here can and will do it for free.

Anyway, after playing around, I've found two strange reactions:

When I input "<script>alert(0)</script>" into any text field, I'm redirected to a "403 forbidden" page with strange text:

Code:
Error 403: Forbidden
Your PHP settings have been disabled by an H-Sphere administrator.

Your current PHP configuration:
-->
This configuration was changed:
Please bring your PHP configuration in compliance with admin settings or request your administrator to re-enable support of your settings.

You don't have permissions to access this page. This usually means one of the following:

this file and directory permissions make them unavailable from the Internet.
.htaccess contains instructions that prevent public access to this file or directory.
Please check file and directory permissions and .htaccess configuration if you are able to do this. Otherwise, request your webmaster to grant you access.


Other JavaScript stuff will be removed. I guess this is some security feature, but I don't see why it should redirect to an error page.

When I try to upload an invalid file type, I get a PHP error on the upper left corner:

Code:
A PHP Error was encountered

Severity: Warning

Message: finfo_open(): Failed to load magic database at ''.

Filename: libraries/Upload.php

Line Number: 1035

#4
November 7th, 2012, 06:21 PM
zxcvbnm
Quote:
Originally Posted by Northie
So, I can create a member with garbage inputs, no validation or confirmation required
I am adding an email confirmation feature now, it is a good idea. And probably a cron job to remove unconfirmed emails after 3 days.
Quote:
Originally Posted by Northie
Once logged in I could delete a photo. Your delete action was based on links, so your site fails on XSRF straight away (even when the action is based on POST, some anti-XSRF token is required to prevent this, but when it's on links the attack is soooo much easier)
I left that open cause I am running some tests on CodeIgniter's upload features. I've got some issues with PHP settings on my server, just gonna write them for Jacques1 as he found 2 issues.
Quote:
Originally Posted by Northie
I couldn't upload an image
That is strange! What kind of image? jpeg? Did you get an error message?
Thanks

#5
November 7th, 2012, 06:26 PM
zxcvbnm
Quote:
Originally Posted by Jacques1
Hi,

it would make more sense to let somebody review the code. A professional penetration test isn't trivial and requires a lot of effort, so I doubt that anybody here can and will do it for free.
Of course. Just for the record : )
PHP Code:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Gallery extends CI_Controller
{
    protected $current_photos = 0;

    public function index()
    {
        $data['title'] = "Gallary Page";
        $data['upload_data'] = "";
        $data['photos'] = '';
        $data['photos_message'] = "No message";
        $this->load->vars($data);

        if ($this->input->post('submit'))
        {
            // Only accept an upload while the photo limit has not been reached
            if ($this->load_photos())
            {
                $this->do_upload();
            }
        }
        else
        {
            $this->load_photos();
        }

        $this->view_things();
    }

    function do_upload()
    {
        $config['upload_path'] = 'uploads/';
        $this->load->model('add_photo_model');
        $data['new_photo'] = $this->add_photo_model->new_photo_name();
        $config['file_name'] = $data['new_photo'];
        //$config['overwrite'] = TRUE;
        $config['allowed_types'] = 'gif|jpg|png';
        $config['max_size'] = '1500';
        $config['max_width'] = '1024';
        $config['max_height'] = '1000';

        $this->load->library('upload', $config);

        if ( ! $this->upload->do_upload())
        {
            $data['upload_data'] = $this->upload->display_errors();
            $this->load->vars($data);
        }
        else
        {
            $photo['details'] = array('upload_data' => $this->upload->data());
            $this->add_photo_model->add($data['new_photo']);

            $data['upload_data'] = "The photo has been uploaded successfully";
            $this->load->vars($data);
            $this->resize($data['new_photo']);
        }
    }

    public function resize($photo)
    {
        $config['image_library'] = 'gd2';
        $config['source_image'] = 'uploads/'.$photo;
        $config['new_image'] = 'uploads/thumb_'.$photo;
        $config['maintain_ratio'] = TRUE;
        $config['width'] = 220;
        $config['height'] = 220;

        // The library has to be loaded before initialize() can be called on it
        $this->load->library('image_lib', $config);
        $this->image_lib->initialize($config);

        if ( ! $this->image_lib->resize())
        {
            $data['resize_errors'] = $this->image_lib->display_errors();
        }
        else
        {
            $this->do_watermark($photo);
            //redirect(site_url()."gallery");
        }
    }

    public function do_watermark($photo)
    {
        $config['source_image'] = 'uploads/thumb_'.$photo;
        $config['new_image'] = 'uploads/thumb_water_'.$photo;
        $config['wm_text'] = 'Behnam';
        $config['wm_type'] = 'text';
        $config['wm_font_path'] = './system/fonts/texb.ttf';
        $config['wm_font_size'] = '14';
        $config['wm_font_color'] = 'ffffff';
        $config['wm_vrt_alignment'] = 'bottom';
        $config['wm_hor_alignment'] = 'center';
        $config['wm_padding'] = '5';

        $this->image_lib->initialize($config);
        $this->image_lib->watermark();
        redirect(site_url()."gallery");
    }

    public function load_photos()
    {
        $this->load->model('load_photos_model');
        $photos = $this->load_photos_model->check();

        if ($photos)
        {
            $this->current_photos = $photos['number_of_rows'];
            foreach ($photos['results'] as $val)
            {
                $data['photos'][] = $val->photo.",".$val->id;
            }
            $data['photos_message'] = "There are ".$this->current_photos." photos uploaded so far<br />";
            $this->load->vars($data);

            if ($this->current_photos < 150)
            {
                return true;
            }
            else
            {
                $data['photos_message'] = "Limit! There are already ".$photos['number_of_rows']." uploaded!";
                $this->load->vars($data);
                return false;
            }
        }
        else
        {
            $data['photos_message'] = "There are no photos uploaded yet!";
            $this->load->vars($data);
            return true;
        }
    }

    // Reached through a plain GET link (/gallery/delete/<photo>), which is the
    // XSRF exposure discussed in this thread; left as posted
    public function delete($photo)
    {
        $this->load->model('load_photos_model');
        $delete = $this->load_photos_model->delete($photo);

        if ($delete)
        {
            unlink('uploads/'.$photo.'.jpg');
            redirect(site_url()."gallery");
        }
        else
        {
            redirect(site_url()."gallery");
        }
    }

    public function view_things()
    {
        $this->load->view('header_view');
        $this->load->view('gallery_view');
        $this->load->view('footer_view');
    }
}
Quote:
Originally Posted by Jacques1
Anyway, after playing around, I've found two strange reactions:

When I input "<script>alert(0)</script>" into any text field, I'm redirected to a "403 forbidden" page with strange text:

Code:
Error 403: Forbidden
Your PHP settings have been disabled by an H-Sphere administrator.

Your current PHP configuration:
-->
This configuration was changed:
Please bring your PHP configuration in compliance with admin settings or request your administrator to re-enable support of your settings.

You don't have permissions to access this page. This usually means one of the following:

this file and directory permissions make them unavailable from the Internet.
.htaccess contains instructions that prevent public access to this file or directory.
Please check file and directory permissions and .htaccess configuration if you are able to do this. Otherwise, request your webmaster to grant you access.


Other JavaScript stuff will be removed. I guess this is some security feature, but I don't see why it should redirect to an error page.
This is due to my server setting; as I am sharing the hosting they don't allow my .htaccess to be changed! I am currently working on this. Thanks for picking this up. For me it worked fine locally so I was sure it is ok online too!
Quote:
Originally Posted by Jacques1
When I try to upload an invalid file type, I get a PHP error on the upper left corner:

Code:
A PHP Error was encountered

Severity: Warning

Message: finfo_open(): Failed to load magic database at ''.

Filename: libraries/Upload.php

Line Number: 1035
Again, the PHP version is 5.2 which is dated and not compatible with CodeIgniter's latest version. For now I changed the upload class and asked the server to upgrade my PHP.
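Since the host's PHP 5.2 cannot load the finfo magic database that Jacques1's error shows, a content check that does not depend on finfo_open() is useful beside CodeIgniter's allowed_types check. This is an added example, not code from the thread or from CodeIgniter; the function names are assumptions, and the limits are copied from the Gallery controller above.

```php
<?php
// Added example, not code from the thread or from CodeIgniter. Checks an
// uploaded image by parsing its header with getimagesize() (available on the
// PHP 5.2 host) instead of finfo_open(), whose magic database failed to load.
// Limits mirror the Gallery controller: gif|jpg|png, 1500 KB, 1024x1000.
// Function names are assumptions; call after the Upload class has moved the
// file, and unlink the file when the result is not TRUE.

function validate_image_upload($path, $max_kb = 1500, $max_w = 1024, $max_h = 1000)
{
    $allowed = array('gif' => IMAGETYPE_GIF, 'jpg' => IMAGETYPE_JPEG,
                     'jpeg' => IMAGETYPE_JPEG, 'png' => IMAGETYPE_PNG);

    if ( ! is_file($path)) return 'file does not exist';
    if (filesize($path) > $max_kb * 1024) return 'file is larger than '.$max_kb.' KB';

    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    if ( ! isset($allowed[$ext])) return 'extension .'.$ext.' is not allowed';

    // getimagesize() reads the real image header, so a script renamed to
    // .jpg fails here even though its extension passed the check above.
    $info = @getimagesize($path);
    if ($info === FALSE) return 'file is not a readable image';
    if ($info[2] !== $allowed[$ext]) return 'content does not match the .'.$ext.' extension';
    if ($info[0] > $max_w OR $info[1] > $max_h) return 'image exceeds '.$max_w.'x'.$max_h.' pixels';

    return TRUE;
}

// Re-encoding through GD drops anything stored after the image data, such
// as text appended to an otherwise valid JPEG, before the file is served.
function reencode_image($path, $type)
{
    $img = @imagecreatefromstring(file_get_contents($path));
    if ($img === FALSE) return FALSE;

    switch ($type)
    {
        case IMAGETYPE_GIF: $ok = imagegif($img, $path);      break;
        case IMAGETYPE_PNG: $ok = imagepng($img, $path);      break;
        default:            $ok = imagejpeg($img, $path, 90); break;
    }
    imagedestroy($img);
    return $ok;
}

// Usage with a constructed path; $type is the IMAGETYPE_* value getimagesize() returned:
// $result = validate_image_upload('uploads/abc123.jpg');
// if ($result === TRUE) reencode_image('uploads/abc123.jpg', IMAGETYPE_JPEG);
```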
