ardyandkari Posted July 31, 2008

hello. i have been working on a reservation script. i call it LiteRes. the reason for that is that i want to keep it as simple as possible...no graphics, no bells, no whistles, just the ground level. it is located here

i have been working on it for about 24 hours (off and on), and as i am not much of a php coder, it is probably not up to par for anything... but it is mine and i am proud of it.

i would like you to try to break it. injection attacks welcome, just no destroying of the db please... i need to know what will hurt this, as it will be used for a client. don't worry, they don't want flashy either...just quick (they may be requiring dial-up internet) and easy.

also if anyone wants to comment on how it functions or has any suggestions, just shoot them out there. i accept constructive criticism with gratitude. (destructive criticism not so much, so don't say that it sucks unless you have a reason)

as of now, i don't know how to show the reservations on the calendar portion, so that will come later.

if you want to log in
the user name is: test
the password is: d
not much for security, but i don't care...just a trial run here.

thanks in advance.

ardy

Link to comment https://forums.phpfreaks.com/topic/117455-reservation-script/

darkfreaks Posted July 31, 2008

Vulnerability description
Password type input named pass from form named form1 with action index.php has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.

The impact of this vulnerability
Possible sensitive information disclosure

How to fix this vulnerability
The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to:

    <INPUT TYPE="password" AUTOCOMPLETE="off">

unidox Posted July 31, 2008

http://www.everkleen.biz/resort/literes/index.php?page=[]

Warning: include(inc/[].php) [function.include]: failed to open stream: No such file or directory in /home/content/e/v/e/everkleen/html/resort/literes/index.php on line 42
Warning: include() [function.include]: Failed opening 'inc/[].php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/e/v/e/everkleen/html/resort/literes/index.php on line 42

http://www.everkleen.biz/resort/literes/inc/add.php

Warning: include(inc/dbconnect.php) [function.include]: failed to open stream: No such file or directory in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 2
Warning: include() [function.include]: Failed opening 'inc/dbconnect.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 2
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/usr/local/mysql-5.0/data/mysql.sock' (2) in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 3
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 3
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/usr/local/mysql-5.0/data/mysql.sock' (2) in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 4
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 4
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/usr/local/mysql-5.0/data/mysql.sock' (2) in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 5
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 5
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/usr/local/mysql-5.0/data/mysql.sock' (2) in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 6
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 6
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/usr/local/mysql-5.0/data/mysql.sock' (2) in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 7
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 7
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/usr/local/mysql-5.0/data/mysql.sock' (2) in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 8
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 8
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/usr/local/mysql-5.0/data/mysql.sock' (2) in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 9
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 9
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/usr/local/mysql-5.0/data/mysql.sock' (2) in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 10
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 10
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/usr/local/mysql-5.0/data/mysql.sock' (2) in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 11
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 11
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/usr/local/mysql-5.0/data/mysql.sock' (2) in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 12
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 12
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/usr/local/mysql-5.0/data/mysql.sock' (2) in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 13
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 13
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/usr/local/mysql-5.0/data/mysql.sock' (2) in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 13
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 13
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/usr/local/mysql-5.0/data/mysql.sock' (2) in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 13
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 13
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/usr/local/mysql-5.0/data/mysql.sock' (2) in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 14
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 14
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/usr/local/mysql-5.0/data/mysql.sock' (2) in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 14
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 14
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/usr/local/mysql-5.0/data/mysql.sock' (2) in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 14
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 14
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/usr/local/mysql-5.0/data/mysql.sock' (2) in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 15
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 15
Return To Main Page
Warning: include(inc/addform.php) [function.include]: failed to open stream: No such file or directory in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 20
Warning: include() [function.include]: Failed opening 'inc/addform.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 20

darkfreaks Posted July 31, 2008

Vulnerability description
This script is vulnerable to PHPSESSID session fixation attacks. By injecting a custom PHPSESSID it is possible to alter the PHP session cookie. Attackers will normally manipulate cookie values to fraudulently authenticate themselves on a web site. This vulnerability affects /resort/literes.

The impact of this vulnerability
By exploiting this vulnerability, an attacker may conduct a session fixation attack. In a session fixation attack, the attacker fixes the user's session ID before the user even logs into the target server, thereby eliminating the need to obtain the user's session ID afterwards.

How to fix this vulnerability
Set session.use_only_cookies = 1 from php.ini. This option enables administrators to make their users invulnerable to attacks which involve passing session ids in URLs; defaults to 0.

Vulnerability description
A possible sensitive directory has been found. This directory is not directly linked from the website. This check looks for known sensitive directories like: backup directories, database dumps, administration pages, temporary directories. Each of those directories may help an attacker to learn more about his target. This vulnerability affects /resort/literes/inc.

The impact of this vulnerability
This directory may expose sensitive information that may help a malicious user to prepare more advanced attacks.

How to fix this vulnerability
Restrict access to this directory or remove it from the website.

ardyandkari (Author) Posted July 31, 2008

> http://www.everkleen.biz/resort/literes/index.php?page=[]
>
> Warning: include(inc/[].php) [function.include]: failed to open stream: No such file or directory in /home/content/e/v/e/everkleen/html/resort/literes/index.php on line 42
> Warning: include() [function.include]: Failed opening 'inc/[].php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/e/v/e/everkleen/html/resort/literes/index.php on line 42
>
> http://www.everkleen.biz/resort/literes/inc/add.php
>
> Warning: include(inc/dbconnect.php) [function.include]: failed to open stream: No such file or directory in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 2
> Warning: include() [function.include]: Failed opening 'inc/dbconnect.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 2
> Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/usr/local/mysql-5.0/data/mysql.sock' (2) in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 3
> Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/content/e/v/e/everkleen/html/resort/literes/inc/add.php on line 3

just wondering how you got this error?

darkfreaks: i fixed the password portion and added the session.use_only_cookies = 1 to php.ini, but don't understand how to do this:

> Vulnerability description
> A possible sensitive directory has been found. This directory is not directly linked from the website. This check looks for known sensitive directories like: backup directories, database dumps, administration pages, temporary directories. Each of those directories may help an attacker to learn more about his target. This vulnerability affects /resort/literes/inc.
>
> The impact of this vulnerability
> This directory may expose sensitive information that may help a malicious user to prepare more advanced attacks.
>
> How to fix this vulnerability
> Restrict access to this directory or remove it from the website.

also, if this is an issue of a customer logging on here and using the program, that won't happen. this is being built for the admin only. the owner will use this as his reservation software on the site. users will never get any farther than the login.

darkfreaks Posted July 31, 2008

how do you stop that exploit? simple give proper chmod permission so you cannot write or execute the directory

unidox Posted July 31, 2008

make sure that it checks the get entry to see if the file exists, and then define something like this:

index.php:

    <?php
    // Marker constant that the included pages look for.
    define("IN_SCRIPT", "1");
    // Stop if the requested page has no matching file under inc/.
    if (!file_exists("inc/" . $_GET['page'] . ".php")) {
        echo "Error, page does not exist.";
        die();
    }
    ?>

page that's included:

    <?php
    // defined() is needed here: a bare undefined constant would not be false.
    if (!defined("IN_SCRIPT")) {
        // requested directly, not through index.php: do nothing
    } else {
        // code here
    }
    ?>

ardyandkari (Author) Posted July 31, 2008

> how do you stop that exploit? simple give proper chmod permission so you cannot write or execute the directory

i am not sure that i can do that with the host that i have (godaddy)

i don't know what host the user will be using, but i will keep that in mind.

ardyandkari (Author) Posted July 31, 2008

> make sure that it checks the get entry to see if the file exists, and then define something like this:
>
> index.php:
>
>     <?php
>     // Marker constant that the included pages look for.
>     define("IN_SCRIPT", "1");
>     // Stop if the requested page has no matching file under inc/.
>     if (!file_exists("inc/" . $_GET['page'] . ".php")) {
>         echo "Error, page does not exist.";
>         die();
>     }
>     ?>
>
> page that's included:
>
>     <?php
>     // defined() is needed here: a bare undefined constant would not be false.
>     if (!defined("IN_SCRIPT")) {
>         // requested directly, not through index.php: do nothing
>     } else {
>         // code here
>     }
>     ?>

can't i just have in the index :

    if (!file_exists("inc/" . $_GET['page'] . ".php")) {
        echo "Error, page does not exist.";
        die();
    } else {
        include "inc/".$page.".php";
    }

i did try it and it worked...

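An allowlist version of the page check discussed in the posts above, as an added example that is not part of the thread or of LiteRes: the request value is used only as a lookup key and never becomes part of a path, and the IN_SCRIPT guard for files under inc/ is shown in the comments. The page names other than add, the helper names and the base directory are assumptions, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not LiteRes code. Assumes PHP 7.1+.
// Page names are hypothetical except "add" (inc/add.php appears in the thread).

define('IN_SCRIPT', true); // files under inc/ test this before doing any work

/** Permitted ?page= values and the file each one maps to under inc/. */
const PAGES = [
    'home' => 'home.php', // hypothetical default page
    'add'  => 'add.php',
    'view' => 'view.php', // hypothetical
];

/**
 * Resolve a requested page name to an include path, or null when it is not
 * on the list. The request value is only ever an array key, never path text.
 */
function resolve_page($requested, string $baseDir): ?string
{
    // ?page[]=x arrives as an array, so anything that is not a string is refused.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    return $baseDir . '/inc/' . PAGES[$requested];
}

/** Decide the response for one request: [HTTP status, message, include path]. */
function handle_request(array $query, string $baseDir): array
{
    $path = resolve_page($query['page'] ?? 'home', $baseDir);
    if ($path === null) {
        // Fixed message only: no file names or server paths reach the visitor.
        return [404, 'Error, page does not exist.', null];
    }
    return [200, '', $path];
}

// In index.php:
//   [$status, $message, $path] = handle_request($_GET, __DIR__);
//   http_response_code($status);
//   if ($path === null) { exit($message); }
//   include $path;
// At the top of every file under inc/:
//   if (!defined('IN_SCRIPT')) { http_response_code(403); exit; }

if (PHP_SAPI === 'cli') {
    // Constructed sample requests; /srv/literes is a made-up base directory.
    $samples = [
        ['page' => 'add'], [], ['page' => '[]'], ['page' => '../index'],
        ['page' => 'add.php'], ['page' => ['add']],
    ];
    foreach ($samples as $query) {
        [$status, , $path] = handle_request($query, '/srv/literes');
        printf("%-22s %d %s\n", json_encode($query, JSON_UNESCAPED_SLASHES),
            $status, $path ?? '-');
    }
}
```

Run from the command line, only the first two sample requests resolve to a file; the rest return 404 with the fixed message.
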
darkfreaks Posted July 31, 2008

did you change php.ini on your server or did you make a file called php.ini and upload to your hosting ??? if you changed it on your server i should not be detecting it but i am. if it was an uploaded file to your hosting it won't work. it has to be changed directly on the server.

also when you submit a reservation please check for empty fields like

    <?php
    $variable = $_POST['variable'];
    if (!empty($variable)) {
        // submit code
    } else {
        // error
    }
    ?>

ardyandkari (Author) Posted August 1, 2008

i did change the php.ini that was on the site. downloaded the file, edited, and uploaded.

added this line:

    session.use_only_cookies = 1

also, what would checking for empty fields do for me? if the end user is unable to gather the data, then it should be able to be left open...i would think anyways.

also...kind of regarding that... if i want the form to come back with an error but retain the info that was in the fields...how would that be done?

darkfreaks Posted August 1, 2008

uploading php.ini on the site WON'T WORK!!! if you have hosting you need to tell your host to make the change on the server php.ini file

ardyandkari (Author) Posted August 1, 2008

really??? ??? i didn't know that. thanks for the info!

i don't think that i will do that for now, as this is a test...i just want to know, what are the possibilities of this problem? if i sanitize my inputs, that should be good, right??? (sorry, still trying to understand security here...)

darkfreaks Posted August 1, 2008

remove the php.ini file from your site NOW!!! this will give away important information that can be used against you to gain access to the site

now as far as server wise email your host and tell them to make the needed change in their server php.ini file so their hosted clients are not vulnerable to PHPSESSID attack

ardyandkari (Author) Posted August 2, 2008

supposedly, with godaddy you can create your own custom php.ini/php5.ini files.

quick question...some things you can change with .htaccess...would this be something that would work?

darkfreaks Posted August 2, 2008

i suppose you could. worth a try. but sometimes it hangs :nod

ardyandkari (Author) Posted August 5, 2008

ok...got a response from godaddy:

> Thank you for contacting Online Support. Thank you for your feedback and suggestion. As we highly value your new ideas please feel free to e-mail us at suggestions@godaddy.com any time with any further suggestions you have.
>
> Unfortunately we do not currently modify any settings in the php.ini files. If you would like to add this to your file you may modify it to your specifications.

supposedly, i should be able to upload my own php.ini file...supposedly... does it have to be in binary or something???

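The session.use_only_cookies setting from the scanner report can also be applied from the script itself, together with a session ID change at login, which is the step that makes an ID fixed before login worthless. This is an added example, not part of the thread or of LiteRes; the function names are assumptions, and it assumes PHP 7.1 or later with these session settings changeable at runtime.

```php
<?php
// Added example, not LiteRes code. Assumes PHP 7.1+ and a PHP build where
// these session settings may be changed at runtime with ini_set().

/** Apply the session settings in code, then start the session. */
function start_hardened_session(): bool
{
    // Must run before any output and before session_start().
    ini_set('session.use_only_cookies', '1'); // ignore a PHPSESSID passed in the URL
    ini_set('session.use_trans_sid', '0');    // never rewrite links to carry the ID
    ini_set('session.use_strict_mode', '1');  // refuse IDs the server did not issue
    ini_set('session.cookie_httponly', '1');  // keep the cookie away from page scripts
    return session_start();
}

/** Call once, right after the password check has succeeded. */
function mark_logged_in(string $username): void
{
    // New ID at the privilege change; true also deletes the old session data,
    // so an ID known before login no longer refers to anything.
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
    $_SESSION['login_time'] = time();
}

/** Gate for every admin page. */
function is_logged_in(): bool
{
    return isset($_SESSION['user']);
}

if (PHP_SAPI === 'cli') {
    // Constructed walk-through using the test account name from the first post.
    start_hardened_session();
    $before = session_id();
    mark_logged_in('test');
    $after = session_id();
    echo 'use_only_cookies: ', ini_get('session.use_only_cookies'), "\n";
    echo 'id changed at login: ', ($before !== $after ? 'yes' : 'no'), "\n";
    echo 'logged in: ', (is_logged_in() ? 'yes' : 'no'), "\n";
    session_destroy();
}
```
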