happypete
-
Posts
124 -
Joined
-
Last visited
-
Days Won
1
Posts posted by happypete
-
-
Site is not currently down. If your IP is blocked I can only unblock it if you are happy to let me know what it is....
-
Made some changes to enhance the file upload security: URL: http://bit.ly/QfI6od
-
thanks.
it didn't work at first but too out some white space:
<LimitExcept GET POST DELETE>
require valid-user
</LimitExcept>
-
Thanks again for testing.
I've read about HTTP verb tampering but still not sure how to stop it.
Originally I had this in the .htaccess file:
# disable directory browsing
Options All -Indexes
but took it out as it didn't seem to do anything security wise
FIX
1. Limit HTTP Verbs
There are two ways how you can limit which HTTP Verbs should be handled by your server.
Limit directive ? By using the limit Apache directive, you specify which HTTP verbs (methods) you want to allow.
I need to allow GET, POST & DELETE (I have file uploads and deletes) so how do I restrict that without restricting legitimate users from using the software?
2. Always ask for Authentication
The second method is to completely remove any type of HTTP method restrictions (Limit or LimitExcept) from access control and authorization rules, and adjust your .htaccess configuration to ALWAYS ask for authentication. Example of a .htaccess file follows:
AuthUserFile C:\xampp\htdocs\Acuart\.htpasswd
AuthName "Authorization Required"
AuthType Basic
require valid-user
How to I relate this to a login script?
-
I've updated the script and it available for some more testing if you are willing: URL: http://bit.ly/QfI6od
-
Solved it. I added the following:
require ('htmlpure/HTMLPurifier.standalone.php'); $config = HTMLPurifier_Config::createDefault(); $purifier = new HTMLPurifier($config); // purify each description foreach ($_POST['description'] AS $key=>$val) { $_POST['description'][$key] = $purifier->purify($val); }; -
thanks. just getting some help on how to apply it to my photo gallery (http://forums.phpfreaks.com/index.php?topic=365133.0) them will upload it to the test site
-
Hi,
I have a photo gallery that I was updating with the following code, but want to implement the htmlpurifier instead
// Update galley title and orders $sql = "UPDATE photos SET description=?, rank=? WHERE id=? AND siteid=?"; $stmt = $db->prepare($sql); if(count($_POST['rank']) > 0) { foreach($_POST['rank'] AS $key => $val) { $stmt->execute(array( htmlentities(str_replace(array('/iframe', '/script'), '', $_POST['description'][$key])), $val, $key, $siteid) ); } }I need to use htmlpurifier on each $_POST['description'] but haven't got a clue how to implement it.
require ('htmlpure/HTMLPurifier.standalone.php'); $config = HTMLPurifier_Config::createDefault(); $purifier = new HTMLPurifier($config); $clean_html1 = $purifier->purify(stripslashes($_POST['description']));Do I need to put the '$_POST['description']' into an array first to apply the htmlpurifier, if so how do I go about doing that?
-
I'm using htmlpurifier on the WYSIWYG textarea and
htmlspecialchars(stripslashes($_POST[$page1]), ENT_QUOTES, "UTF-8"),
on the other text inputs.
admin.php
<?php // check user logged in include("assets/member.inc.php"); $member->LoggedIn(); $page = $_GET['page']; if ($page == 'home') { $page = 'home'; } elseif ($page == 'gallery') { $page = 'gallery'; } elseif ($page == 'features') { $page = 'features'; } elseif ($page == 'location') { $page = 'location'; } elseif ($page == 'rates') { $page = 'rates'; } elseif ($page == 'availability') { $page = 'availability'; } elseif ($page == 'contact') { $page = 'contact'; } elseif ($page == 'testimonials') { $page = 'testimonials'; } else { header('Location: index.php'); exit; } $page1 = $page.'title'; $page2 = $page.'text'; // Extract details from database $sql = "SELECT * FROM content WHERE siteid=".(int) $siteid.""; $stmt = $db->prepare($sql); $stmt->execute(); $e = $stmt->fetch(); ?> <!DOCTYPE html> <html lang="en"> <head> <?php include('inc/head.php'); ?> </head> <body> <div id="content"> <div class="editcontent"> <h1><?php echo ucfirst($page); ?> Page</h1> <form method="post" action="adminupdate.php?page=<?php echo $page ;?>" enctype="multipart/form-data"> <label><?php echo ucfirst($page); ?> Page Title <span>(max 90 characters)</span> <input type="text" name="<?php echo $page1; ?>" maxlength="90" value="<?php echo stripslashes($e[$page1]) ?>" class="large" /> </label> <label><?php echo ucfirst($page); ?> Page Content</label> <textarea name="<?php echo $page2; ?>" id="ckeditor"><?php echo htmlspecialchars(stripslashes($e[$page2])) ?></textarea> <p> </p> <div class="clear"></div> <input id="button" class="button" type="submit" name="submit" value="Save Changes" /> <input id="button" class="buttoncancel" type="submit" name="submit" value="Cancel / Return to site" /> <div id="spinner" class="spinner"><img id="img-spinner" src="../media/spinner.gif" alt="Loading"/></div> </form> </div><!--content--> </div><!--content--> <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script> <script>window.jQuery || document.write('<script src="js/jquery.min.js"><\/script>')</script> <script type="text/javascript"> $(document).ready(function(){$('#button').click(function(){$('#spinner').show()})}); </script> <script type="text/javascript" src="ckeditor/ckeditor.js"></script> <script type="text/javascript"> CKEDITOR.replace( 'ckeditor', { toolbar : [ ['Cut','Copy','Paste','PasteText','PasteFromWord','-','Print', 'SpellChecker'], ['Undo','Redo'], ['Bold','Italic','Underline','Strike','-','Subscript','Superscript'], ['NumberedList','BulletedList','-'], ['JustifyLeft','JustifyCenter','JustifyRight','JustifyBlock'], ['Link','Unlink'], ['HorizontalRule','SpecialChar'], ['Format'],['Source'], ] }); </script> </body> </html>adminupdate.php
<?php // check user logged in include("assets/member.inc.php"); $member->LoggedIn(); require ('htmlpure/HTMLPurifier.standalone.php'); // Get page name that need updating $page = $_GET['page']; if ($page == 'home') { $page = 'home'; } elseif ($page == 'gallery') { $page = 'gallery'; } elseif ($page == 'features') { $page = 'features'; } elseif ($page == 'location') { $page = 'location'; } elseif ($page == 'rates') { $page = 'rates'; } elseif ($page == 'availability') { $page = 'availability'; } elseif ($page == 'contact') { $page = 'contact'; } elseif ($page == 'testimonials') { $page = 'testimonials'; } else { header('Location: index.php'); exit; } $page1 = $page.'title'; $page2 = $page.'text'; // Check if coming from a POST command and Save Changes // Save header and text and email if($_SERVER['REQUEST_METHOD']=='POST' && $_POST['submit']=='Cancel / Return to site') { // cancel & return to admin page header('Location: index.php?success=5&page='.$page.'&#'.$page.''); exit; } // Check if coming from a POST command and Save Changes // Save header and text and email if($_SERVER['REQUEST_METHOD']=='POST' && $_POST['submit']=='Save Changes') { $config = HTMLPurifier_Config::createDefault(); $config->set('Core.Encoding', 'UTF-8'); $config->set('HTML.AllowedElements', 'p,b,strong,i,em,u,a,ol,ul,li,hr,blockquote,img,table,tr,td,th,span,object,param,embed'); $config->set('HTML.AllowedAttributes', 'a.href'); $purifier = new HTMLPurifier($config); $clean_html2 = $purifier->purify(stripslashes($_POST[$page2])); $sql = "UPDATE content SET $page1=?, $page2=? WHERE siteid=".(int) $siteid." LIMIT 1"; $stmt = $db->prepare($sql); $stmt->execute( array( htmlspecialchars(stripslashes($_POST[$page1]), ENT_QUOTES, "UTF-8"), $clean_html2, ) ); $stmt->closeCursor(); // once updated return to admin page header('Location: index.php?success=1&page='.$page.'&#'.$page.''); exit; } else { // If nothing happend send back to admin page header('Location: index.php?success=error&#=[$page]'); exit; } ?> -
if I use htmlpurifier should I use it on all text inputs or just the ones where a WYIWYG edit is used. If I use it on all inputs doesn't it use up a lot or server resources and slow things down?
-
make sure the relative path to the phpmailer script is correct. you may need to add '../' if you placed it in the root folder as you may be calling it form the jbb folder..?
require_once('../phpmailer/phpmailer.inc.php');never tried it with gmail, try creating a new email test@jbbarry.ie in your hosting account and see if that works
$mail = new PHPMailer(); $mail->IsSMTP(); // telling the class to use SMTP $mail->Host = "mail.jbbarry.ie"; // SMTP server //$mail->SMTPDebug = 2; // 1 = errors and messages,2 = messages only $mail->SMTPAuth = true; // enable SMTP authentication $mail->Host = "mail.jbbarry.ie"; // sets the SMTP server $mail->Port = 25; // set the SMTP port for the GMAIL server $mail->Username = "test@jbbarry.ie"; // SMTP account username (the email account your created) $mail->Password = "whateverpassowordyouchose"; // SMTP account password (the password for the above email account)
-
Thanks very much darkfreaks, I will sort those last folders and am really happy that my project is a little bit more secure
-
Have a look at the post I wrote here: http://forums.phpfreaks.com/index.php?topic=364919.msg1729571#msg1729571
-
I spent hours trying to figure that one out a while back, so hopefully this will help:
Your form uses the php mail() function, you need PHP mailer...
download phpmailer: http://phpmailer.worxware.com/index.php?pg=phpmailer
include it and define an email to send the form to:
require_once('phpmailer/class.phpmailer.php'); include("phpmailer/class.smtp.php"); $emailaddress = 'your@youremail.com';create your message from your form:
$message= 'Name: '.$_POST['name'].'<br /> Email: '.$_POST['email'].'<br /> Subject: '.$_POST['subject'].'<br /> IP: '.$_SERVER['REMOTE_ADDR'].'<br /><br /> Message:<br /><br /> '.nl2br($_POST['msg']).' ';
and sent it with SMTP (you will need to create an email address in your hosting control panel something like: smtp@yourdomain.com)
$mail = new PHPMailer(); $mail->IsSMTP(); // telling the class to use SMTP $mail->Host = "mail.yourdomain.com"; // SMTP server //$mail->SMTPDebug = 2; // 1 = errors and messages,2 = messages only $mail->SMTPAuth = true; // enable SMTP authentication $mail->Host = "mail.yourdomain.com"; // sets the SMTP server $mail->Port = 25; // set the SMTP port for the GMAIL server $mail->Username = "smtp@yourdomain.com"; // SMTP account username (the email account your created) $mail->Password = "123456"; // SMTP account password (the password for the above email account) $mail->CharSet = 'UTF-8'; // so it interprets foreign characters $mail->SetFrom($_POST['email']); $mail->AddReplyTo($_POST['email']); $mail->Subject = "Contact form from ".$_POST['name']." "; $mail->MsgHTML($message); $mail->AddAddress($emailaddress); $mail->Send();
-
Just so you know, a lot of these tools are browser plugins. I know FF has XSS ME, SQL Inject me, Exploit me, and a few others for common vulnerabilities and security holes.
thanks, I've tired some of those, but didn't come up with the stuff darkfreaks pointed out
-
Hi darkfreaks,
I have made some changes to my script and if you have time would really appreciate if you would check it for me again,
Thanks, Pete
-
thanks again, I appreciate the time you have taken to do this...now I have lots of homework!
-
thanks very much, I really appreciate you taking the time
-
I recently tried the following script and think it may be exactly what your are looking for: http://www.firedartstudios.com/labs/tutis-login
-
Hi Experts,
I'm designing the back-end of a CMS and not being a great programmer would like someone to test the script for vulnerabilities, in particular:
- image uploads + photo gallery in general
- availability calendar (the calendar isn't showing on the index.php page but can be viewed/updated by clicking the 'Edit Availbility Calendar' link
- WYSIWYG inputs
- Google Map
URL: http://bit.ly/QfI6od
Verification: http://bit.ly/SdI4Rr
If you find any vulnerabilities then hinds on getting them sorted would be very much appreciated
Thanks a lot,
Pete
- image uploads + photo gallery in general
-
-
Hi,
The idea is a user signs up for a free trail on the main site and a mini site is created in Cpanel under a 'subdomain' and files copied across to create the mini site. When the trial is up the user can purchases a domain name for their site that will be an 'addon domain' via Cpanel.
QUESTION: Is there a way this can be done with a subdirectory and not a subdomain using .htaccess? A subdirectory is easier to create with a PHP script and copy files across than a subdomain, and files can be reused between directories easier than between subdomains. If this can be done with .htaccess any pointers will be greatly appreciated.
thanks in advance
-
I just get a white page. and no email is sent out
-
My server doest allow the 'mail' function so I'm trying to add the PHPMailer to the following code. Ive used it before, but just cant work out how to add it to this script....
I've added the PHPmailer class
require_once('phpmailer/class.phpmailer.php'); include("phpmailer/class.smtp.php");The bit I'm stuck on is how to change the mail function to use PHPMailer instead
/* Is both Username and Password set? */ if(!isset($error)) { $return_form = 0; /* Final Format */ $password = $this->genHash($this->genSalt(), $password); /* Send the user a welcome E-Mail */ if($this->email_welcome == true) { /* Send the user an E-Mail */ /* Can we send a user an E-Mail? */ if(function_exists('mail') && $this->email_master != null) { $subject = "Thank you for creating an account, " . $username; $body_content = "Hi " . $username . ",<br />Thanks for signing-up!<br /><br /><i>-Admin</i>"; /* E-Mail body */ $body = '<html lang="en"><body style="margin: 0; padding: 0; width: 100% !important;" bgcolor="#eeeeee"><table bgcolor="#eeeeee" cellpadding="0" cellspacing="0" border="0" align="center" width="100%" topmargin="0"><tr><td align="center" style="margin: 0; padding: 0;"><table cellpadding="0" cellspacing="0" border="0" align="center" width="100%" style="padding: 20px 0;"><tr><td width="600" style="font-size: 0px;"> </td></tr></table><table width="600" cellspacing="0" cellpadding="0" border="0" align="center" class="header" style="border-bottom: 1px solid #eeeeee; font-family: Helvetica, Arial, sans-serif; background:#ffffff;"><tbody><tr><td width="20" style="font-size: 0px;"> </td><td width="580" align="left" style="padding: 5px 0 10px;"><h1 style="color: #444444; font: bold 32px Helvetica, Arial, sans-serif; margin: 0; padding: 0; line-height: 40px; border: none;">Your accound has been created</h1></td></tr></tbody></table></td></tr><tr><td align="center" style="margin: 0; padding: 0;"><table align="center" border="0" style="background-color:#ffffff;" width="600" height="100" cellpadding="3" cellspacing="3"><tr><td style="color: #222222; font: normal 16px Helvetica, Arial, sans-serif; margin: 0; padding: 10px; line-height: 18px;">' . $body_content . '</td></tr></table></td></tr><tr><td align="center" style="margin: 0; padding: 0;"><table cellpadding="0" cellspacing="0" border="0" align="center" width="100%" style="padding: 20px 0;"><tr><td width="600" style="font-size: 0px;"> </td></tr></table></td></tr></table></body></html>'; /* Headers */ $headers = "From: " . strip_tags($this->email_master) . "\r\n"; $headers .= "Reply-To: ". strip_tags($this->email_master) . "\r\n"; $headers .= "MIME-Version: 1.0\r\n"; $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n"; /* Send it */ mail($email, $subject, $body, $headers); } }trying to change the 'mail' function and use this:
$mail = new PHPMailer(); $mail->IsSMTP(); // telling the class to use SMTP $mail->Host = "mail.mydomain.com"; // SMTP server $mail->SMTPDebug = 1; // 1 = errors and messages,2 = messages only $mail->SMTPAuth = true; // enable SMTP authentication $mail->Host = "mail.mydomain.com"; // sets the SMTP server $mail->Port = 25; // set the SMTP port for the GMAIL server $mail->Username = "user@mydomain.com"; // SMTP account username $mail->Password = "mypassword"; // SMTP account password $mail->CharSet = 'UTF-8'; // so it interprets foreign characters $mail->SetFrom = 'email@yahoo.com'; $mail->AddReplyTo = 'email@yahoo.com'; $mail->Subject($subject); $mail->MsgHTML($body); $mail->AddAddress($email); //($email_master); $mail->Send();
So I need to change these lines..??
/* Can we send a user an E-Mail? */
if(function_exists('mail') && $this->email_master != null)
&
/* Send it */
if(mail($email, $subject, $body, $headers))
I tried this but it didn't work:
/* Is both Username and Password set? */ if(!isset($error)) { $return_form = 0; /* Final Format */ $password = $this->genHash($this->genSalt(), $password); /* Send the user a welcome E-Mail */ if($this->email_welcome == true) { /* Send the user an E-Mail */ /* Can we send a user an E-Mail? */ if($this->email_master != null) { $subject = "Thank you for creating an account, " . $username; $body_content = "Hi " . $username . ",<br />Thanks for signing-up!<br /><br /><i>-Admin</i>"; /* E-Mail body */ $body = '<html lang="en"><body style="margin: 0; padding: 0; width: 100% !important;" bgcolor="#eeeeee"><table bgcolor="#eeeeee" cellpadding="0" cellspacing="0" border="0" align="center" width="100%" topmargin="0"><tr><td align="center" style="margin: 0; padding: 0;"><table cellpadding="0" cellspacing="0" border="0" align="center" width="100%" style="padding: 20px 0;"><tr><td width="600" style="font-size: 0px;"> </td></tr></table><table width="600" cellspacing="0" cellpadding="0" border="0" align="center" class="header" style="border-bottom: 1px solid #eeeeee; font-family: Helvetica, Arial, sans-serif; background:#ffffff;"><tbody><tr><td width="20" style="font-size: 0px;"> </td><td width="580" align="left" style="padding: 5px 0 10px;"><h1 style="color: #444444; font: bold 32px Helvetica, Arial, sans-serif; margin: 0; padding: 0; line-height: 40px; border: none;">Your accound has been created</h1></td></tr></tbody></table></td></tr><tr><td align="center" style="margin: 0; padding: 0;"><table align="center" border="0" style="background-color:#ffffff;" width="600" height="100" cellpadding="3" cellspacing="3"><tr><td style="color: #222222; font: normal 16px Helvetica, Arial, sans-serif; margin: 0; padding: 10px; line-height: 18px;">' . $body_content . '</td></tr></table></td></tr><tr><td align="center" style="margin: 0; padding: 0;"><table cellpadding="0" cellspacing="0" border="0" align="center" width="100%" style="padding: 20px 0;"><tr><td width="600" style="font-size: 0px;"> </td></tr></table></td></tr></table></body></html>'; /* Headers */ $headers = "From: " . strip_tags($this->email_master) . "\r\n"; $headers .= "Reply-To: ". strip_tags($this->email_master) . "\r\n"; $headers .= "MIME-Version: 1.0\r\n"; $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n"; /* Send it */ $mail = new PHPMailer(); $mail->IsSMTP(); // telling the class to use SMTP $mail->Host = "mail.mydomain.com"; // SMTP server $mail->SMTPDebug = 1; // 1 = errors and messages,2 = messages only $mail->SMTPAuth = true; // enable SMTP authentication $mail->Host = "mail.mydomain.com"; // sets the SMTP server $mail->Port = 25; // set the SMTP port for the GMAIL server $mail->Username = "user@mydomain.com"; // SMTP account username $mail->Password = "mypassword"; // SMTP account password $mail->CharSet = 'UTF-8'; // so it interprets foreign characters $mail->SetFrom = 'email@yahoo.com'; $mail->AddReplyTo = 'email@yahoo.com'; $mail->Subject($subject); $mail->MsgHTML($body); $mail->AddAddress($email); //($email_master); $mail->Send(); } }
CMS backend: test for vulnerabilities and security problems
in Beta Test Your Stuff!
Posted
Image upload code:
<?php // check user logged in include('db.inc.php'); require ('htmlpure/HTMLPurifier.standalone.php'); // Check if coming from a POST command and Cancel if($_SERVER['REQUEST_METHOD']=='POST' && $_POST['submit']=='Return to gallery') { // If cancelled return to index page header('Location: gallery.php?success=5'); exit; } // Check if coming from a POST command and Upload if($_SERVER['REQUEST_METHOD']=='POST' && $_POST['submit']=='Upload') { // File Size Check @session_start(); $file_size = filesize($_FILES['image']['tmp_name']); if($file_size === 0) { $_SESSION['msg'] = 'That was an empty file!'; header('Location: gallery-upload.php'); exit; } else if($file_size >= (2480000)) { $_SESSION['msg'] = 'Image size is to big. Max upload 2MB'; header('Location: gallery-upload.php'); exit; } else if(!preg_match('/(JPE?G|PNG|GIF)/i', $_FILES['image']['name'])) { $_SESSION['msg'] = 'Invalid image format only JPG, PNG & GIF formts'; header('Location: gallery-upload.php'); exit; } else if(strpos($_FILES['image']['name'],'php')) { $_SESSION['msg'] = 'Invalid image format only JPG, PNG & GIF formts.'; header('Location: gallery-upload.php'); exit; } else if(substr_count($_FILES['image']['name'], '.')>1){ //check double file type $_SESSION['msg'] = 'Invalid image format only JPG, PNG & GIF formts..'; header('Location: gallery-upload.php'); exit; } $newPath = '' . basename($_FILES['image']['name']); (move_uploaded_file($_FILES['image']['tmp_name'], $newPath)); // *** Include the class include("inc/resize-class.php"); // *** Create 'random number' + 'vacation_rentals' for image name $imagename = time() . '_' . mt_rand(1000,9999) . '_' . 'vacation_rentals' . '.jpg'; // What Directories to put the images $largelocation = '/home/palermo/public_html/'.$siteid.'/images/'; $thumblocation = '/home/palermo/public_html/'.$siteid.'/images/thumb/'; //thumbnail location $large = $largelocation . $imagename; $thumb = $thumblocation . $imagename; // *** 1) Initialise / load image $resizeObj = new resize($newPath); // *** 2) Resize LARGE image (options: exact, portrait, landscape, auto, crop) $resizeObj -> resizeImage(667, 500); //was 650, 487 // *** 3) Save image + define quality $resizeObj -> saveImage($large, 95); // *** 4) Initialise / load image for second resize $resizeObj = new resize($newPath); // *** 5) Resize THUMB (options: exact, portrait, landscape, auto, crop) $resizeObj -> resizeImage(150, 100, 'crop'); //was 220, 165 // *** 6) Save image + define quality $resizeObj -> saveImage($thumb, 95); // Remove file from temp Directory unlink($newPath) ; // Find the highest number in the 'rank' row and add 1 // so uploaded photos appear at end of gallery $stmt = $db->prepare('SELECT max(rank) FROM photos'); $stmt->execute(); $e = $stmt->fetch(); $num = max($e); $order = $num+1; // Insert image into gallery $config = HTMLPurifier_Config::createDefault(); $purifier = new HTMLPurifier($config); $clean_html1 = $purifier->purify($_POST['description']); $stmt = $db->prepare('INSERT INTO photos (siteid, description, src, rank) VALUES (?,?,?,?)'); $stmt->execute(array( (int) $siteid, $clean_html1, $imagename, $order)); // Get the last ID to display image on upload page $id_obj = $db->query("SELECT LAST_INSERT_ID()"); $id = $id_obj->fetch(); $id_obj->closeCursor(); // once updated return to gallery upload image page 'id' to show uploaded image on uploads page header('Location: gallery-upload.php?success=3&id='.$id[0]); exit; } else { // If nothing happens header('Location: gallery-upload.php?success=5'); exit; } ?>