File Input Accepted

The impact of this vulnerability

User may upload malicious files to the server.

How to fix this vulnerability

Check whether the script inputs are properly validated to block uploads of .exe, .js and .php extensions.

 

 

Can you tell me where the file input was accepted? Or do you mean that there was a folder found with permissions that allow an upload?


You MUST use mysql_real_escape_string() if you are logging IPs. VERY dangerous. The remote address part of an HTTP socket connection is just as "spoofable" as the user agent or any other part of the HTTP request.

 

duuude!!! I never thought about that! Very good point, and fixed now.

 

Quick question... would addslashes() be okay?

I would have to rescan, but on your server go into the php.ini file and turn the HTTP TRACE method off, like third said; this is dangerous ;)

 

 

I checked my php.ini file and didn't see an HTTP trace setting. The closest I saw was mysql trace.

 

 

You can disable HTTP TRACE through the .htaccess file.

 

Write this in it:

# disable TRACE (mod_rewrite must be enabled; the same rule also works in the main scope of httpd.conf)
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]


Does disabling it make it so you can't spoof the IP and other variables? Or what exactly? I don't remember anyone saying anything about HTTP TRACE before you mentioned it.

Addslashes is not OK.

http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string

 

The best thing to do here is use ip2long() or ereg_replace( "[^0-9.]", "", $stuff ).
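The two pieces of advice above (escape everything you log, including the remote address, and reduce the IP to something that cannot carry a payload) are worth seeing side by side. The block below is an added example written for this thread, not code posted by anyone in it. It assumes PHP 7.1+ with the pdo_sqlite extension so it runs offline against an in-memory table, and it assumes a hypothetical `visits(ip, agent)` table. Two caveats the thread does not spell out: `REMOTE_ADDR` is the address of the TCP peer as seen by the web server, so the really free-form values are headers such as `X-Forwarded-For` and `User-Agent`, which applications often copy into the "client IP" field; and the `mysql_*` and `ereg_*` functions were removed in PHP 7, so the hardened version uses `filter_var()`, `inet_pton()` and PDO prepared statements instead of escaping or regex stripping.

```php
<?php
// Added example for this thread, not the original poster's code.
// Assumes PHP 7.1+, pdo_sqlite, and a hypothetical table visits(ip, agent).

// VULNERABLE: raw interpolation of request data into SQL. A forwarded-IP
// header or the User-Agent is attacker controlled, so this is an injection sink.
// (Not executed below; it only documents the pattern the thread warns about.)
function log_visit_vulnerable(mysqli $db, array $server): void
{
    $ip    = $server['HTTP_X_FORWARDED_FOR'] ?? $server['REMOTE_ADDR'];
    $agent = $server['HTTP_USER_AGENT'] ?? '';
    $db->query("INSERT INTO visits (ip, agent) VALUES ('$ip', '$agent')");
}

// Returns the client IP in canonical textual form, or null if the value is not
// a valid IPv4/IPv6 literal. Unlike ip2long()/ereg_replace() this handles IPv6
// and rejects junk instead of silently "cleaning" it into a different address.
function client_ip(array $server, bool $behind_trusted_proxy = false): ?string
{
    $candidate = $server['REMOTE_ADDR'] ?? '';
    // Only honour X-Forwarded-For when a proxy you control appends to it, and
    // then take the rightmost entry (the one that proxy added).
    if ($behind_trusted_proxy && !empty($server['HTTP_X_FORWARDED_FOR'])) {
        $hops      = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
        $candidate = end($hops);
    }
    $valid = filter_var($candidate, FILTER_VALIDATE_IP);
    if ($valid === false) {
        return null;
    }
    // inet_pton/inet_ntop canonicalise the text form (case, leading zeros, ::).
    return inet_ntop(inet_pton($valid));
}

// HARDENED: validated IP stored as 4 or 16 raw bytes, bound parameters,
// user agent length-capped. Escaping is unnecessary because nothing is
// concatenated into the SQL string.
function log_visit(PDO $db, array $server): bool
{
    $ip = client_ip($server);
    if ($ip === null) {
        return false; // refuse to log garbage rather than massage it
    }
    $agent = substr((string)($server['HTTP_USER_AGENT'] ?? ''), 0, 255);
    $stmt  = $db->prepare('INSERT INTO visits (ip, agent) VALUES (:ip, :agent)');
    $stmt->bindValue(':ip', inet_pton($ip), PDO::PARAM_LOB);
    $stmt->bindValue(':agent', $agent, PDO::PARAM_STR);
    return $stmt->execute();
}

// Demo against constructed request data (SQLite has no VARBINARY, BLOB is fine).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE visits (ip BLOB NOT NULL, agent TEXT NOT NULL)');

$requests = [ // constructed sample input, not real traffic
    ['REMOTE_ADDR' => '203.0.113.9',  'HTTP_USER_AGENT' => 'Mozilla/5.0'],
    ['REMOTE_ADDR' => '2001:DB8::1',  'HTTP_USER_AGENT' => 'curl/8.0'],
    ['REMOTE_ADDR' => "1.2.3.4'); DROP TABLE visits; --", 'HTTP_USER_AGENT' => 'x'],
    ['REMOTE_ADDR' => '10.0.0.5',     'HTTP_USER_AGENT' => "'; DROP TABLE visits; --"],
];
foreach ($requests as $r) {
    printf("%-36s -> %s\n", $r['REMOTE_ADDR'], log_visit($db, $r) ? 'logged' : 'rejected');
}
foreach ($db->query('SELECT ip, agent FROM visits')->fetchAll(PDO::FETCH_ASSOC) as $row) {
    echo inet_ntop($row['ip']), '  ', $row['agent'], "\n";
}
```

The third request is rejected outright because the address field is not an IP literal; the fourth is logged safely because the quote-laden user agent travels as a bound parameter and never touches the SQL text. Storing `inet_pton()` bytes rather than `ip2long()` keeps IPv6 clients loggable and avoids the signed-integer wraparound that `ip2long()` shows on 32-bit builds.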

 

 

I can't thank you enough! That article was quite helpful and informative. Good stuff, guys; I'm another step closer to becoming less vulnerable 8)

[1]

If you have the time for it, could you publish anonymized versions of logs of the results of these tests. Those would be a great help for everyone, including me ;)

Lots of people learning PHP (it takes much more than one paying project, trust me) out there don't have the resources to repeat-test their own sites by paying for hosting and asking testers here to test the same things.

These reports would be very helpful to the community here at phpfreaks and if done correctly would also give a little more weight to your "portfolio" or "skillset" section on your personal business site.

 

Just my thoughts, be free to ignore or correct :)

 

In fact, may I suggest anyone who has such data and a little time to spare (without taking risks, of course) to publish such reports.

Security researchers do a lot of this stuff, but a set of real, hand-edited, not-so-polished, plainspeak data has its uses and target audience.

 

Again, feel free to ignore or correct :)

 

[2]

I am no designer, and you did not ask for design ideas, but IMO, a 2-column layout inside the main part, would probably get across more info to your users on the first page itself.

(Please ignore if it conflicts any of your decisions...)

A look at http://www.1234.info/webtemplates/ will explain what i'm trying to say.

Since you're not making money on ads, and your visitors are on broadband, your site might be that much more helpful to users in finding information.


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.