ComGuar Posted September 17, 2012 Author Share Posted September 17, 2012 There is not too much code on index, only main page parser and some included files. That is what I need. Tell me where you tried to insert value 1? I need to see error. I think that error is in your script syntax maybie. Link to comment Share on other sites More sharing options...
darkfreaks Posted September 17, 2012 Share Posted September 17, 2012 well your script IP ban my scanner so there is no way currently i can manually check either. anyhow HTML Form found in redirect page Vulnerability description Manual confirmation is required for this alert. An HTML form was found in the response body of this page. However, the current page redirects the visitor to another page by returning an HTTP status code of 301/302. Therefore, all browser users will not see the contents of this page and will not be able to interact with the HTML form. Sometimes programmers don't properly terminate the script after redirecting the user to another page. For example: <?php if (!isset($_SESSION["authenticated"])) { header("Location: auth.php"); } ?> <title>Administration page</title> <form action="/admin/action" method="post"> <!-- ... form inputs ... --> </form> <!-- ... the rest of the administration page ... --> This script is incorrect because the script is not terminated after the "header("Location: auth.php");" line. An attacker can access the content the administration page by using an HTTP client that doesn't follow redirection (like HTTP Editor). This creates an authentication bypass vulnerability. The correct code would be <?php if (!isset($_SESSION[auth])) { header("Location: auth.php"); exit(); } ?> <title>Administration page</title> <form action="/admin/action" method="post"> <!-- ... form inputs ... --> </form> <!-- ... the rest of the administration page ... --> Affected items /pages/inbox.php The impact of this vulnerability The impact of this vulnerability depends on the affected web application. How to fix this vulnerability Make sure the script is terminated after redirecting the user to another page. Link to comment Share on other sites More sharing options...
ComGuar Posted September 17, 2012 Author Share Posted September 17, 2012 Thanks, fixed I removed "antidos" script until tomorrow, so you can scan site with no problems Link to comment Share on other sites More sharing options...
darkfreaks Posted September 17, 2012 Share Posted September 17, 2012 thanks for fixing it it also fixed up a minor google hacking thing as well about page error. i think it had more to do with your redirect not terminating. also does your script use PDO over mysql_real_escape_string it does clean up more nicely than the later IMO. Link to comment Share on other sites More sharing options...
ComGuar Posted September 17, 2012 Author Share Posted September 17, 2012 Thanks! I am not using PDO. There is no need for mysql_real_replace_string() when using PDO. Link to comment Share on other sites More sharing options...
darkfreaks Posted September 17, 2012 Share Posted September 17, 2012 correct you are. i was merely stating that PDO is preffered over mysql_real_escape_string. so if your not using either of those are you at least using mysqli ??? otherwise you are prone to injection in some form. Link to comment Share on other sites More sharing options...
ComGuar Posted September 17, 2012 Author Share Posted September 17, 2012 I wrote my function for checking variables, and there is mysql_real_escape_string() in it Link to comment Share on other sites More sharing options...
darkfreaks Posted September 17, 2012 Share Posted September 17, 2012 as i mentioned it is preffered to use PDO instead of mysql_real_escape_string as my scanner pinged your site out it is trying to access the site like so file http://dev.vorak.com/1/'" was not found then below this is where the syntax error is. While mysql_real_escape_string is efficient there is some charsets and characters it does not escape. Link to comment Share on other sites More sharing options...
ComGuar Posted September 17, 2012 Author Share Posted September 17, 2012 Darkfreaks, this is not my site, please check again. Link to comment Share on other sites More sharing options...
darkfreaks Posted September 17, 2012 Share Posted September 17, 2012 sorry i misspelled it but i can assure you sir. that i did scan the right site. Link to comment Share on other sites More sharing options...
ComGuar Posted September 17, 2012 Author Share Posted September 17, 2012 Of course, there is htmlspecialchars() and htmlentities(). I use function to check variables and inputs as I mentioned before few posts, and I think it is doing great job. Link to comment Share on other sites More sharing options...
darkfreaks Posted September 17, 2012 Share Posted September 17, 2012 i got another question? does it check if gpc_magic_quotes are on and if they aren't to use stripslashes instead also when you insert to database something like user_id you are using typecast (int) to make sure it is an integer. $sql="INSERT INTO table * WHERE user_id='".(int)$_POST['user_id']."'"; this also works for SELECT queries as well. just a reminder the integer typecast only works on integers and numeric fields. Link to comment Share on other sites More sharing options...
ComGuar Posted September 18, 2012 Author Share Posted September 18, 2012 On many servers gpc_magic_quotes are on and I am using stripslashes(). Link to comment Share on other sites More sharing options...
darkfreaks Posted September 18, 2012 Share Posted September 18, 2012 i suggest read up on the below link it explains why to use PDO versus mysql_real_escape_string and get_magic_quotes_gpc why use pdo vs mysql_real_escape_string???? Link to comment Share on other sites More sharing options...
ComGuar Posted September 18, 2012 Author Share Posted September 18, 2012 Thanks Darkfreaks, I will read it. Link to comment Share on other sites More sharing options...
Recommended Posts