andy9 Posted April 11, 2009

http://kbscraps.co.cc

First things first, proof of ownership of the site I'm talking about: Click Here

I started programming, or coding, using PHP about 5 months ago. So far I've done two projects, one being a private social network site, very similar to Facebook. My current ongoing project is that of a new 'Comical, honest technological reviews' site. I aim to create articles on technological products I personally own, or that belong to friends/colleagues who allow me to review their stuff! The reviews will hopefully include some sarcasm (my specialty), some comedy, and will be completely honest from a user's perspective.

So far, the articles are almost all 'Lorem Ipsum', and the rest are my own dummy text for testing simple injection methods and HTML/PHP execution via posted messages.

My primary accomplishments within this project are:
- 99.9% of the site is designed and coded by myself, with some code taken from my earlier project; currently only 1 JavaScript function is not written by myself
- All images and layouts designed myself
- The site software AND forum software is FULLY coded by myself
- BBCode system personally coded (smiley images currently taken from the phpBB default pack)
- Administration Panel operational
- 3rd Normalised Form database, checked by a professional

Since I am fairly new to PHP, I understand that my site will probably be full of bugs, but I need you to find them for me. You can try anything, but if you know it will destroy the site, I'd prefer it if you told me rather than carrying it out.

The registration page is operational, so you can make your own account (probably best), or you can use the one I made for people of this forum:
Username: phpfreaks
Password: beta123

I have backed up the entire site, including the database.

Currently I'm not allowing access to the admin areas; instead, here are some screenshots of administration features:
[Screenshot] This is the administration panel, only accessible by admins; otherwise you get put back to index.php if you try to directly access it.
[Screenshot] This shows a topic, viewtopic.php. Admins can sticky, lock or delete the whole topic (which then deletes all linked posts); also, admins can delete any post from any topic. If a user deletes a post from the forum, it will not be physically deleted; the message will notify people of the 'soft' deletion.

Currently you cannot edit/delete comments, or edit posts; that will hopefully be implemented within the next week.

Please let me know how things go for you as a user and if there's anything that needs fixing/implementing. If you do manage to break something, please let me know how and what exactly you broke.

Kindest regards,
Andy

Link to comment https://forums.phpfreaks.com/topic/153636-technological-review-site-forum-custom-software/
darkfreaks Posted April 11, 2009

Make sure you are sanitizing your variables with trim(), strip_tags() and mysql_real_escape_string().
andy9 Posted April 11, 2009

Sorry, could you explain a little further?
darkfreaks Posted April 11, 2009

Example:

<?php
// mysql_real_escape_string() needs an open connection made with mysql_connect()
// before this function is called.
function clean($text) {
    // escape for the query, drop any HTML tags, then trim surrounding whitespace
    $text = trim(strip_tags(mysql_real_escape_string($text)));
    return $text;
}

// guard against a missing POST field so no undefined-index notice is raised
$variable = clean(isset($_POST['variable']) ? $_POST['variable'] : '');
?>
andy9 Posted April 11, 2009

Alright, thanks for that. I'll start implementing that soon. Thanks again.
Coreye Posted April 12, 2009

- Cross Site Scripting (XSS): you can submit ">code into the location field when editing a profile and it will execute when viewing a profile.
- Cross Site Scripting (XSS): you can submit ">code and it will execute after making a thread on the forum.
andy9 Posted April 12, 2009

Thanks Coreye, nice find. All fixed; htmlentities() with quotes used...
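The fix andy9 describes (htmlentities() with the quote flag) targets the attribute context that Coreye's ">code report refers to. The following is an added example, not code from anyone in this thread: it renders a profile location value into an HTML attribute two ways, with strip_tags() alone and with htmlentities(..., ENT_QUOTES, 'UTF-8'), and includes a check that the rendered attribute value contains no raw quote, < or >. The function names, the input markup and the sample values are assumptions about how such a field might be rendered, not the site's code.

```php
<?php
// Added example, not code from this thread. Renders a profile "location" value
// into an HTML attribute, the spot the ">code report above refers to. Function
// names and the input markup are assumptions about how such a field is rendered.

// Before: strip_tags() removes <...> tags but leaves quotes, so a value starting
// with "> still ends the attribute and the element and continues as markup.
function renderLocationStripTags($location) {
    return '<input type="text" name="location" value="' . strip_tags($location) . '">';
}

// After: encode for the HTML context. ENT_QUOTES covers both " and ', so the
// value cannot end the attribute whichever quote style the template uses; the
// charset is given explicitly because older PHP releases defaulted to ISO-8859-1.
function escapeHtml($value) {
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

function renderLocationEscaped($location) {
    return '<input type="text" name="location" value="' . escapeHtml($location) . '">';
}

// A check that can sit in a test: whatever ends up between value=" and the
// closing "> of the template must contain no raw quote, < or >, since those
// are the characters that let a value alter the surrounding markup.
function attributeValueIsInert($rendered) {
    if (!preg_match('/ value="(.*)">$/s', $rendered, $m)) {
        return false;
    }
    return preg_match('/["\'<>]/', $m[1]) === 0;
}

$samples = array(
    'Somewhere, UK',   // constructed ordinary value
    '">[marker]',      // constructed stand-in for the ">code value in the report
);
foreach ($samples as $s) {
    foreach (array('renderLocationStripTags', 'renderLocationEscaped') as $fn) {
        $html = $fn($s);
        printf("%-24s inert=%s  %s\n", $fn, attributeValueIsInert($html) ? 'yes' : 'no', $html);
    }
}
```

With the ordinary value both renderers pass the check; with the "> value only the htmlentities() version does, because strip_tags() has nothing to remove from a string that contains no tag and so leaves the closing quote in place. The same escapeHtml() call is what should wrap the value when it is shown in the profile page body, since the encoding is chosen by where the value is printed, not by where it came from.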
darkfreaks Posted April 12, 2009

SQL Injection in register.php:
Tested value: 1 AND USER_NAME() = 'dbo'
Tested value: '; DESC users; --
Tested value: 1' AND 1=(SELECT COUNT(*) FROM tablenames); --
Tested value: 1 AND 1=1
Tested value: 1 EXEC XP_

SQL injection in Login.php:
Tested value: 1' OR '1'='1
Tested value: 1 UNI/**/ON SELECT ALL FROM WHERE
Tested value: 1 AND ASCII(LOWER(SUBSTRING((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'), 1, 1))) > 116
Tested value: 1 UNION ALL SELECT 1,2,3,4,5,6,name FROM sysObjects WHERE xtype = 'U' --
Tested value: ' OR username IS NOT NULL OR username = '
Tested value: 1' AND non_existant_table = '1

XSS in editprofile.php:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <<SCRIPT>document.vulnerable=true;//<</SCRIPT>
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>">
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <IMG SRC="jav ascript:document.vulnerable=true;">
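The clean() function posted earlier and the tested values in the report above are two sides of one issue: the values only do anything when user input is spliced into the SQL text, and a quote-escaping pass covers only the quoted-string context (a value such as 1 AND 1=1 contains nothing to escape). The following is an added example, not code from anyone in this thread, showing the concatenated lookup beside a parameterised one. It uses PDO with an in-memory SQLite database (pdo_sqlite extension) so it runs offline; the users table, its rows and the function names are constructed here and are assumptions, not the site's real schema.

```php
<?php
// Added example, not code from this thread. Uses PDO with an in-memory SQLite
// database (pdo_sqlite extension) so it runs offline; table layout and rows are
// constructed here and are assumptions, not the site's real schema.

function makeDb() {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
    $db->exec("INSERT INTO users (id, username) VALUES (1, 'andy')");
    $db->exec("INSERT INTO users (id, username) VALUES (2, 'phpfreaks')");
    return $db;
}

// Before: user input is spliced into the SQL text. Anything in it that is valid
// SQL is parsed as SQL, whether the surrounding context is quoted or not.
function findByNameConcat(PDO $db, $username) {
    $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

function findByIdConcat(PDO $db, $id) {
    $sql = "SELECT id, username FROM users WHERE id = " . $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: the statement text is fixed when prepared; the value is sent separately
// and can only be compared with the column, never parsed as part of the query.
function findByNamePrepared(PDO $db, $username) {
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute(array(':u' => $username));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function findByIdPrepared(PDO $db, $id) {
    $stmt = $db->prepare('SELECT id, username FROM users WHERE id = :id');
    $stmt->execute(array(':id' => $id));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = makeDb();

// Two of the tested values quoted in the scanner report above.
$nameInput = "1' OR '1'='1";   // aimed at a quoted string context
$idInput   = "1 AND 1=1";      // aimed at an unquoted numeric context; contains no quote to escape

foreach (array('findByNameConcat', 'findByNamePrepared') as $fn) {
    printf("%-20s %d row(s)\n", $fn, count($fn($db, $nameInput)));
}
foreach (array('findByIdConcat', 'findByIdPrepared') as $fn) {
    printf("%-20s %d row(s)\n", $fn, count($fn($db, $idInput)));
}
```

The concatenated name lookup matches every user because the OR clause becomes part of the WHERE condition, and the concatenated id lookup treats the trailing AND 1=1 as SQL. Both prepared lookups return no rows, since no user has either string as a literal name or id. Escaping and HTML encoding still have their place, but the query shape is decided by the prepared statement, not by what the value contains.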
andy9 Posted April 13, 2009

What exactly would the above injections achieve? Thanks again, I wasn't aware of all of these methods.
darkfreaks Posted April 13, 2009

People could insert harmful code into your application. The best way to avoid it is to use my clean function on everything.