dannyb785 (thread author), July 24, 2008:

> File Input Accepted
> The impact of this vulnerability: User may upload malicious files to server.
> How to fix this vulnerability: Check if the script inputs are properly validated from uploading .exe/.js and .php extensions.

Can you tell me where file input was accepted? Or do you mean that there was a folder found with permissions that allow an upload?
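The scanner finding quoted above is about accepting uploads without checking what is being uploaded. The following is an added example of the kind of check it asks for; it is not code from the thread or from dannyb785's site. It assumes a form field named `upload`, an allowlist of extensions chosen for this example, and a destination directory (`$uploadDir`) that sits outside the web root and is not configured to execute scripts; all three are assumptions.

```php
<?php
// Added example: validating an uploaded file before it is stored.
// Field name, allowlist and $uploadDir are assumptions for the example.

// Allowlist the extensions the application actually needs (assumed here);
// everything else, including .exe/.js/.php from the scanner report, is refused.
$allowedExtensions = array('jpg', 'jpeg', 'png', 'gif', 'pdf');

// Returns null when the upload is acceptable, otherwise a short reason string.
function validateUpload(array $file, array $allowedExtensions)
{
    // Reject anything PHP itself flagged (size limit hit, partial upload, ...).
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return 'upload failed with error code ' . (int) $file['error'];
    }
    // Only trust files that really arrived through the HTTP upload mechanism.
    if (!is_uploaded_file($file['tmp_name'])) {
        return 'not an uploaded file';
    }
    // Judge by the final extension only, lower-cased, so "SHELL.PHP" and
    // "shell.php" are treated the same. The client-supplied name is otherwise
    // never used again (see storeUpload), which also defuses double extensions.
    $ext = strtolower(pathinfo(basename($file['name']), PATHINFO_EXTENSION));
    if ($ext === '' || !in_array($ext, $allowedExtensions, true)) {
        return 'extension not allowed: ' . $ext;
    }
    return null;
}

// Moves the validated file into $uploadDir under a server-generated name and
// returns the new path, or null on failure.
function storeUpload(array $file, $uploadDir, $ext)
{
    // Generate our own filename: no attacker-controlled characters, no second
    // extension. openssl_random_pseudo_bytes() needs PHP 5.3+ with OpenSSL.
    $name = bin2hex(openssl_random_pseudo_bytes(8)) . '.' . $ext;
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0644); // readable by the web server, never executable
    return $dest;
}

// Usage (assumed request handling):
if (isset($_FILES['upload'])) {
    $problem = validateUpload($_FILES['upload'], $allowedExtensions);
    if ($problem !== null) {
        header('HTTP/1.1 400 Bad Request');
        echo 'Rejected: ' . htmlspecialchars($problem, ENT_QUOTES, 'UTF-8');
        exit;
    }
    $ext   = strtolower(pathinfo($_FILES['upload']['name'], PATHINFO_EXTENSION));
    $saved = storeUpload($_FILES['upload'], '/var/app/uploads', $ext); // assumed dir
    echo $saved === null ? 'Could not store file' : 'Stored';
}
```

The two points worth taking from this are that the extension check is an allowlist rather than a blocklist of known-bad extensions, and that the stored filename is generated by the server, so nothing the client chose (name, path separators, a second extension) ever reaches the filesystem.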
darkfreaks, July 24, 2008:

I would have to rescan, but on your server go into the php.ini file and turn the HTTP_TRACE method off. Like Third said, this is dangerous.
dannyb785 (thread author), July 24, 2008:

> I would have to rescan, but on your server go into the php.ini file and turn the HTTP_TRACE method off. Like Third said, this is dangerous.

I checked my php.ini file and didn't see an HTTP trace. The closest I saw was mysql trace.
dannyb785 (thread author), July 24, 2008:

> !! You MUST use mysql_real_escape_string() if you are logging IPs. VERY dangerous. The remote address part of an http socket connection is just as "spoofable" as the user agent or any part of the HTTP request.

Duuude!!! I never thought about that! Very good point, and fixed now. Quick question... would addslashes be okay?
darkfreaks, July 24, 2008:

> I would have to rescan, but on your server go into the php.ini file and turn the HTTP_TRACE method off. Like Third said, this is dangerous.

> I checked my php.ini file and didn't see an HTTP trace. The closest I saw was mysql trace.

You can disable http_trace through the .htaccess file. Write this in it:

    # disable TRACE in the main scope of httpd.conf
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^TRACE
    RewriteRule .* - [F]
dannyb785 (thread author), July 24, 2008:

> You can disable http_trace through the .htaccess file. Write this in it:
>
>     # disable TRACE in the main scope of httpd.conf
>     RewriteEngine On
>     RewriteCond %{REQUEST_METHOD} ^TRACE
>     RewriteRule .* - [F]

Does disabling it make it so you can't spoof the IP and other variables? Or what exactly? I don't remember anyone saying anything about HTTP trace before you mentioned it.
darkfreaks, July 24, 2008:

The HTTP_TRACE method, if turned on, allows "hackers" to inject JavaScript, C++, VBScript and other programming into your code. If this method is disabled, it is more likely that this will not happen.
Third_Degree, July 25, 2008:

Addslashes is not OK: http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string

The best thing to do here is use ip2long() or ereg_replace("[^0-9.]", "", $stuff).
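To make the advice in this post concrete, here is an added example (not code from the thread or from any poster) of logging an IP address with ip2long(), alongside mysql_real_escape_string() for the free-text columns that still have to be stored as strings. The table name `access_log` and its columns are assumptions for the example. The ereg_replace() variant from the post also works on PHP 5.2, but ereg_* was deprecated in PHP 5.3; preg_replace('/[^0-9.]/', '', $stuff) is the equivalent. Whatever the address source (REMOTE_ADDR or a proxy header), it is treated below as untrusted input.

```php
<?php
// Added example: storing an IP address in a way that cannot carry SQL
// metacharacters. Table/column names are assumptions for the example.
//
// Assumed schema: CREATE TABLE access_log (ip INT UNSIGNED, ua VARCHAR(255));

// Converts a dotted-quad IPv4 string to its unsigned 32-bit integer form, or
// returns false when the input is not a well-formed address.
function ipToUnsignedInt($ip)
{
    // ip2long() returns false for anything that is not a complete dotted quad,
    // so trailing or embedded junk never makes it into the query.
    $n = ip2long($ip);
    if ($n === false) {
        return false;
    }
    // On 32-bit PHP builds ip2long() can return a negative int; %u prints the
    // unsigned value that fits MySQL's INT UNSIGNED.
    return sprintf('%u', $n);
}

// Legacy mysql extension (what the thread is using). The IP is an integer
// literal; the user agent goes through mysql_real_escape_string(), which,
// unlike addslashes(), escapes according to the connection's character set.
// Returns the SQL string, or false if the address is malformed.
function buildLogInsertLegacy($link, $ip, $userAgent)
{
    $ipInt = ipToUnsignedInt($ip);
    if ($ipInt === false) {
        return false; // refuse to log garbage rather than "clean" it
    }
    $ua = mysql_real_escape_string($userAgent, $link);
    return "INSERT INTO access_log (ip, ua) VALUES ($ipInt, '$ua')";
}

// Same thing with a PDO prepared statement, where the driver keeps data and
// SQL apart and no manual escaping is needed at all.
function logVisitPdo(PDO $pdo, $ip, $userAgent)
{
    $ipInt = ipToUnsignedInt($ip);
    if ($ipInt === false) {
        return false;
    }
    $stmt = $pdo->prepare('INSERT INTO access_log (ip, ua) VALUES (?, ?)');
    return $stmt->execute(array($ipInt, $userAgent));
}

// Usage with the legacy extension (connection details assumed):
// $link = mysql_connect('localhost', 'user', 'pass');
// $sql  = buildLogInsertLegacy($link, $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_USER_AGENT']);
// if ($sql !== false) { mysql_query($sql, $link); }
//
// Reading the column back: SELECT INET_NTOA(ip) FROM access_log; (MySQL side)
```

Storing the address as an integer does two jobs at once: it validates the input (anything that is not an address is rejected before any SQL is built) and it removes the question of escaping for that column entirely, which is why ip2long() is a better fit here than addslashes() or even mysql_real_escape_string() on the raw string.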
dannyb785 (thread author), July 25, 2008:

> Addslashes is not OK: http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string
>
> The best thing to do here is use ip2long() or ereg_replace("[^0-9.]", "", $stuff).

I can't thank you enough! That article was quite helpful and informative. Good stuff, guys, I'm another step closer to becoming less vulnerable.
darkfreaks, July 25, 2008:

Did you disable HTTP trace?
dannyb785 (thread author), July 25, 2008:

^ Yeah, I added the stuff in the .htaccess file. Is there a way I can test that it's correctly disabled?
darkfreaks, July 25, 2008:

Nope, it didn't work. Here is an article on how to go into the Apache server and disable them: http://www.ducea.com/2007/10/22/apache-tips-disable-the-http-trace-method/
darkfreaks, July 25, 2008:

If you do not have access to the server, email your hosting and request that http_track and http_trace be disabled on your site.
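dannyb785 asked above how to test that TRACE is really disabled, and darkfreaks' rescan showed the .htaccess rule had not taken effect. The following is an added example, not code from the thread, of a check you can run against your own host: it sends one TRACE request over a raw socket and reads the status line. A permitted TRACE is answered with 200 and the server echoes the request back in the body; the RewriteRule from this thread answers 403, and Apache's own `TraceEnable off` directive (available since 1.3.34 / 2.0.55 / 2.2) answers 405. The host name `www.example.com` is a placeholder to replace with your own site.

```php
<?php
// Added example: probe your own server once with TRACE and report whether it
// was honoured. $host is a placeholder; point it at a server you administer.

// Sends a single TRACE request and returns the raw response (headers + body),
// or false when the connection could not be opened.
function sendTrace($host, $port = 80, $timeout = 5)
{
    $fp = @fsockopen($host, $port, $errno, $errstr, $timeout);
    if ($fp === false) {
        return false;
    }
    // A private marker header: if the server echoes it back, TRACE is live.
    $request = "TRACE / HTTP/1.1\r\n"
             . "Host: $host\r\n"
             . "X-Trace-Check: probe\r\n"
             . "Connection: close\r\n\r\n";
    fwrite($fp, $request);
    $response = '';
    while (!feof($fp)) {
        $response .= fread($fp, 8192);
    }
    fclose($fp);
    return $response;
}

// Interprets the response: 200 plus an echoed marker means TRACE is enabled;
// any other status means the server refused it (403 from the RewriteRule in
// this thread, 405 from TraceEnable off).
function traceStatus($response)
{
    if ($response === false || !preg_match('#^HTTP/\d\.\d (\d{3})#', $response, $m)) {
        return 'no HTTP response';
    }
    $code   = (int) $m[1];
    $echoed = stripos($response, 'X-Trace-Check: probe') !== false;
    if ($code === 200 && $echoed) {
        return 'TRACE is ENABLED: the server echoed the request back';
    }
    return "TRACE refused with HTTP $code";
}

$host = 'www.example.com'; // placeholder: your own server
echo traceStatus(sendTrace($host)), "\n";
```

Run it once after each configuration change and again after the host restarts Apache; a rule in .htaccess only helps if mod_rewrite is enabled and allowed for that directory, which is one reason the server-level `TraceEnable off` from the linked article is the more reliable setting.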
activeserver, July 26, 2008:

[1] If you have the time for it, could you publish anonymized versions of the logs of the results of these tests? Those would be a great help for everyone, including me. Lots of people learning PHP (it takes much more than one paying project, trust me) out there don't have the resources to repeat-test their own sites by paying for hosting and asking testers here to test the same things. These reports would be very helpful to the community here at phpfreaks and, if done correctly, would also give a little more weight to your "portfolio" or "skillset" section on your personal business site. Just my thoughts, feel free to ignore or correct.

In fact, may I suggest that anyone who has such data and a little time to spare (without taking risks, of course) publish such reports. Security researchers do a lot of this stuff, but a set of real, hand-edited, not-so-polished, plain-speak data has its uses and target audience. Again, feel free to ignore or correct.

[2] I am no designer, and you did not ask for design ideas, but IMO a 2-column layout inside the main part would probably get across more info to your users on the first page itself. (Please ignore if it conflicts with any of your decisions...) A look at http://www.1234.info/webtemplates/ will explain what I'm trying to say. Since you're not making money on ads, and your visitors are on broadband, your site might be that much more helpful to users in finding information.
darkfreaks, July 26, 2008:

I put up a list of common exploits on my profile if you want to look. Cheers.