
Well, your script IP-banned my scanner, so there is no way currently I can manually check either.

Anyhow:

HTML Form found in redirect page

Vulnerability description

Manual confirmation is required for this alert.

An HTML form was found in the response body of this page. However, the current page redirects the visitor to another page by returning an HTTP status code of 301/302. Therefore, browser users will not see the contents of this page and will not be able to interact with the HTML form.

Sometimes programmers don't properly terminate the script after redirecting the user to another page. For example:

<?php
    if (!isset($_SESSION["authenticated"])) {
        header("Location: auth.php");
    }
?>
<title>Administration page</title>
<form action="/admin/action" method="post">
    <!-- ...  form inputs ...  -->
</form>
<!-- ...  the rest of the administration page ...  -->

This script is incorrect because the script is not terminated after the "header("Location: auth.php");" line. An attacker can access the content of the administration page by using an HTTP client that doesn't follow redirection (like HTTP Editor). This creates an authentication bypass vulnerability.

The correct code would be:

<?php
    if (!isset($_SESSION["authenticated"])) {
        header("Location: auth.php");
        exit(); // stop here so the page body below is never sent with the redirect
    }
?>
<title>Administration page</title>
<form action="/admin/action" method="post">
    <!-- ...  form inputs ...  -->
</form>
<!-- ...  the rest of the administration page ...  -->

Affected items

/pages/inbox.php

The impact of this vulnerability

The impact of this vulnerability depends on the affected web application.

How to fix this vulnerability

Make sure the script is terminated after redirecting the user to another page.

Thanks for fixing it. It also fixed up a minor Google hacking thing as well, about a page error. I think it had more to do with your redirect not terminating. 8)

Also, does your script use PDO over mysql_real_escape_string? It does clean up more nicely than the latter, IMO.

As I mentioned, it is preferred to use PDO instead of mysql_real_escape_string.

As my scanner pinged your site out, it is trying to access the site like so:

file http://dev.vorak.com/1/'" was not found

Then below this is where the syntax error is.

While mysql_real_escape_string is efficient, there are some charsets and characters it does not escape.

I got another question: does it check if magic_quotes_gpc is on, and if it isn't, use stripslashes instead? :confused:

Also, when you insert into the database something like user_id, you are using the typecast (int) to make sure it is an integer.

// (int) forces the value to an integer before it is placed in the query
$sql = "INSERT INTO `table` (user_id) VALUES ('" . (int)$_POST['user_id'] . "')";

This also works for SELECT queries as well.

Just a reminder: the integer typecast only works on integers and numeric fields.
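The two fixes discussed in this thread combined on one page, as an added example rather than code from the original post or from the scanned site: the redirect guard that actually terminates the script, and a PDO prepared statement that binds user_id as an integer instead of relying on mysql_real_escape_string. The DSN, the credentials and the messages table are assumptions.

```php
<?php
// Added example (not code from the original post or the scanner's report):
// the redirect guard and a PDO prepared query with an integer-bound user_id,
// combined in one page. The DSN, credentials and the `messages` table are
// placeholders.
declare(strict_types=1);
session_start();

// Redirect unauthenticated visitors and stop the script. Without exit() the
// rest of the page, form included, is still sent in the body of the 302.
function require_login(): void
{
    if (!isset($_SESSION['authenticated'])) {
        header('Location: auth.php', true, 302);
        exit();
    }
}

// Prepared statement instead of mysql_real_escape_string: the parameter is
// sent to MySQL separately from the SQL text, so quoting and charset edge
// cases never apply. The (int) cast keeps the post's integer typecast; a
// non-numeric value becomes 0 rather than reaching the query.
function fetch_inbox(PDO $pdo, $rawUserId): array
{
    $userId = (int) $rawUserId;
    $stmt = $pdo->prepare('SELECT id, subject FROM messages WHERE user_id = :uid');
    $stmt->bindValue(':uid', $userId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

require_login();

$pdo = new PDO(
    'mysql:host=localhost;dbname=app;charset=utf8mb4', // placeholder DSN
    'dbuser',                                          // placeholder user
    'dbpass',                                          // placeholder password
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // let the server bind the value
    ]
);

$rows = fetch_inbox($pdo, $_POST['user_id'] ?? 0);
?>
<title>Inbox</title>
<form action="/pages/inbox.php" method="post">
    <!-- ... form inputs ... -->
</form>
```

With the guard in place, a client that does not follow redirects receives the 302 with an empty body, so the scanner's "HTML form found in redirect page" check no longer fires.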
