NegativeAttitude

  1. I tried a lot of options but nothing works, it's frustrating.
  2. Hi, I'm new on this forum. I have some kind of school project and I need to fix the security issues in 5 PHP scripts; it includes SQL injection/Path Traversal/XSS. I have already filtered most of the "faults", the problem is that I can't find the right solutions (mysql_escape_string etc.). Can somebody have a look and maybe help me? These are the 5 scripts:

Index.php

```php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1"/>
<link rel="stylesheet" type="text/css" href="contents.php?file=style.css" media="screen"/>
<title>What's up</title>
</head>
<body>
<div class="top">
<div class="header">
<div class="left"></div>
<div class="right">
<h2>What's up</h2>
<p>Deze website maakt onderdeel uit van een Certified Secure challenge en wordt beveiligd door de beste specialisten.</p>
</div>
</div>
</div>
<div class="container">
<div class="main">
<div class="content">
<h1>This is up</h1>
<?
mysql_connect("localhost", "whatsupXPs1Zo", "Q0Z078mhfEw5Msvh");
mysql_select_db("whatsupVvHbE9");
$result = mysql_query("SELECT name, site, message, `when` FROM messages");
while($res = mysql_fetch_assoc($result)) {
?>
<div class="descr"><?=$res['when']?> door <a href=<?=$res['site']?>><?=$res['name']?></a></div>
<blockquote>
<p><?=$res['message']?></p>
</blockquote>
<?
}
?>
<h1>Vertel zelf</h1>
<form method="POST" action="add.php">
<label for="name">Naam</label><input type="text" name="name" id="name"/>
<div class="clearer"></div>
<label for="website">Website</label><input type="text" name="website" id="website"/>
<div class="clearer"></div>
<label for="message">What's up</label><textarea name="message" id="message"></textarea>
<div class="clearer"></div>
<label for="submit"></label><input type="submit" id="submit"/>
</form>
</div>
<div class="sidenav">
<h2>Zoek</h2>
<form method="GET" action="search.php">
<input type="text" name="search" size="16"/><input type="submit" value="zoek"/>
</form>
<h2>Over</h2>
<p>Op deze website mag iedereen vertellen hoe het met hem of haar gaat. Slechte dag gehad omdat je site is gekraakt? Ontslagen? Of juist een nieuwe baan als Security Officer? Laat het weten!</p>
</div>
<div class="clearer"><span></span></div>
</div>
<div class="footer">©2013 What's up. Template design door<a href="http://arcsin.se">Arcsin</a></div>
</body>
</html>
```

add.php

```php
<?
mysql_connect("localhost", "whatsupXPs1Zo", "Q0Z078mhfEw5Msvh");
mysql_select_db("whatsupVvHbE9");
if (!isset($_POST['name']) || !isset($_POST['website']) || !isset($_POST['message'])) {
    print 'Niet alle velden zijn ingevuld';
    exit;
}
$result = mysql_query("INSERT INTO messages (name, site, message) VALUES ('" . $_POST['name'] . "','" . $_POST['website'] . "','" . $_POST['message'] . "')");
if (!$result) {
    print 'Fout_IN_SQL';
    exit;
}
$id = mysql_insert_id();
header("Location: view.php?id=" . intval($id));
?>
```

View.php

```php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1"/>
<link rel="stylesheet" type="text/css" href="contents.php?file=style.css" media="screen"/>
<title>What's up</title>
</head>
<body>
<div class="top">
<div class="header">
<div class="left"></div>
<div class="right">
<h2>What's up</h2>
<p>Deze website maakt onderdeel uit van een Certified Secure challenge en wordt beveiligd door de beste specialisten.</p>
</div>
</div>
</div>
<div class="container">
<div class="main">
<div class="content">
<h1>Bekijken_MESSAGE</h1>
<?
mysql_connect("localhost", "whatsupXPs1Zo", "Q0Z078mhfEw5Msvh");
mysql_select_db("whatsupVvHbE9");
if (isset($_GET['id'])) {
    $result = mysql_query("SELECT name, site, message, `when` FROM messages WHERE id = " . $_GET['id']);
    $res = mysql_fetch_assoc($result);
?>
<div class="descr"><?=$res['when']?> by <a href=<?=$res['site']?>><?=$res['name']?></a></div>
<blockquote>
<p><?=$res['message']?></p>
</blockquote>
<?
}
?>
<h1>Vertel zelf</h1>
<form method="POST" action="add.php">
<label for="name">Naam</label><input type="text" name="name" id="name"/>
<div class="clearer"></div>
<label for="website">Website</label><input type="text" name="website" id="website"/>
<div class="clearer"></div>
<label for="message">What's up</label><textarea name="message" id="message"></textarea>
<div class="clearer"></div>
<label for="submit"></label><input type="submit" id="submit"/>
</form>
</div>
<div class="sidenav">
<h2>Zoek</h2>
<form method="GET" action="search.php">
<input type="text" name="search" size="16"/><input type="submit" value="zoek"/>
</form>
<h2>Over</h2>
<p>Op deze website mag iedereen vertellen hoe het met hem of haar gaat. Slechte dag gehad omdat je site is gekraakt? Ontslagen? Of juist een nieuwe baan als Security Officer? Laat het weten!</p>
</div>
<div class="clearer"><span></span></div>
</div>
<div class="footer">©2013 What's up. Template design door<a href="http://arcsin.se">Arcsin</a></div>
</div>
</body>
</html>
```

Contents.php

```php
<?
if (!isset($_GET['file'])) {
    exit;
}
if (substr($_GET['file'], -4, 4) == '.css') {
    header('Content-type: text/css');
}
if (substr($_GET['file'], -4, 4) == '.png') {
    header('Content-type: image/png');
}
if (substr($_GET['file'], -4, 4) == '.gif') {
    header('Content-type: image/gif');
}
if (substr($_GET['file'], -4, 4) == '.jpg') {
    header('Content-type: image/jpeg');
}
if (file_exists("/var/www/contents/" . $_GET['file'])) {
    print file_get_contents("/var/www/contents/" . $_GET['file']);
}
```

Search.php

```php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1"/>
<link rel="stylesheet" type="text/css" href="contents.php?file=style.css" media="screen"/>
<title>What's up</title>
</head>
<body>
<div class="top">
<div class="header">
<div class="left"></div>
<div class="right">
<h2>What's up</h2>
<p>Deze website maakt onderdeel uit van een Certified Secure challenge en wordt beveiligd door de beste specialisten.</p>
</div>
</div>
</div>
<div class="container">
<div class="main">
<div class="content">
<h1>ResultaatS_SEARCH</h1>
<?
mysql_connect("localhost", "whatsupXPs1Zo", "Q0Z078mhfEw5Msvh");
mysql_select_db("whatsupVvHbE9");
if (isset($_GET['search'])) {
    $result = mysql_query("SELECT name, site, message, `when` FROM messages WHERE message LIKE '%" . $_GET['search'] . "%'");
    while($res = mysql_fetch_assoc($result)) {
?>
<div class="descr"><?=$res['when']?> door <a href=<?=$res['site']?>><?=$res['name']?></a></div>
<blockquote>
<p><?=$res['message']?></p>
</blockquote>
<?
    }
}
?>
<h1>Vertel zelf</h1>
<form method="POST" action="add.php">
<label for="name">Naam</label><input type="text" name="name" id="name"/>
<div class="clearer"></div>
<label for="website">Website</label><input type="text" name="website" id="website"/>
<div class="clearer"></div>
<label for="message">What's up</label><textarea name="message" id="message"></textarea>
<div class="clearer"></div>
<label for="submit"></label><input type="submit" id="submit"/>
</form>
</div>
<div class="sidenav">
<h2>Zoek</h2>
<form method="GET" action="search.php">
<input type="text" name="search" size="16"/><input type="submit" value="zoek"/>
</form>
<h2>Over</h2>
<p>Op deze website mag iedereen vertellen hoe het met hem of haar gaat. Slechte dag gehad omdat je site is gekraakt? Ontslagen? Of juist een nieuwe baan als Security Officer? Laat het weten!</p>
</div>
<div class="clearer"><span></span></div>
</div>
<div class="footer">©2013 What's up. Template design door<a href="http://arcsin.se">Arcsin</a></div>
</body>
</html>
```

Thanks in advance! NA
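The fixes the post asks about, as an added example that is not the poster's code: one helper file with hardened replacements for the SQL, output and file-serving logic of the five scripts. It assumes the same database, table and /var/www/contents/ directory as the scripts above, PHP 7.1+ with PDO, and pages served as UTF-8; the function names are mine. In the templates, `<?=$res['name']?>` becomes `<?= h($res['name']) ?>` and the `href` uses `safeSiteUrl($res['site'])`.

```php
<?php
// Added example, not the poster's code: hardened versions of the SQL, output
// and file-serving parts of add.php, view.php, search.php and contents.php.

function db(): PDO {
    return new PDO('mysql:host=localhost;dbname=whatsupVvHbE9;charset=utf8mb4',
                   'whatsupXPs1Zo', 'Q0Z078mhfEw5Msvh',
                   [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                    PDO::ATTR_EMULATE_PREPARES => false]);
}

// add.php: every value is bound as a parameter, never concatenated into SQL.
function addMessage(PDO $pdo, string $name, string $site, string $message): int {
    $st = $pdo->prepare('INSERT INTO messages (name, site, message) VALUES (?, ?, ?)');
    $st->execute([$name, $site, $message]);
    return (int) $pdo->lastInsertId();
}

// view.php: the id is cast to int and still bound as a parameter.
function getMessage(PDO $pdo, $id): ?array {
    $st = $pdo->prepare('SELECT name, site, message, `when` FROM messages WHERE id = ?');
    $st->execute([(int) $id]);
    return $st->fetch(PDO::FETCH_ASSOC) ?: null;
}

// search.php: LIKE wildcards in the input are escaped, then the pattern is bound.
function searchMessages(PDO $pdo, string $term): array {
    $st = $pdo->prepare('SELECT name, site, message, `when` FROM messages WHERE message LIKE ?');
    $st->execute(['%' . addcslashes($term, '%_\\') . '%']);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// Output (index/view/search): escape for the HTML context; only http(s) URLs go into href.
function h(string $s): string { return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8'); }
function safeSiteUrl(string $site): string { return preg_match('#^https?://#i', $site) ? h($site) : '#'; }

// contents.php: drop any directory part, allowlist the extension, and confirm
// the resolved path is still inside the contents directory before reading it.
function serveContent(string $file): void {
    $types = ['css' => 'text/css', 'png' => 'image/png', 'gif' => 'image/gif', 'jpg' => 'image/jpeg'];
    $name = basename($file);
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    $path = realpath('/var/www/contents/' . $name);
    if (!isset($types[$ext]) || $path === false || strpos($path, '/var/www/contents/') !== 0) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: ' . $types[$ext]);
    readfile($path);
}
```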