NegativeAttitude Posted February 25, 2015

Hi, I'm new on this forum. I have some kind of school project and I need to fix the security issues in 5 PHP scripts; it includes SQL injection/Path Traversal/XSS. I have already filtered most of the "faults"; the problem is that I can't find the right solutions (mysql_escape_string etc.). Can somebody have a look and maybe help me? These are the 5 scripts:

Index.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1"/>
<link rel="stylesheet" type="text/css" href="contents.php?file=style.css" media="screen"/>
<title>What's up</title>
</head>
<body>
<div class="top">
<div class="header">
<div class="left"></div>
<div class="right">
<h2>What's up</h2>
<p>Deze website maakt onderdeel uit van een Certified Secure challenge en wordt beveiligd door de beste specialisten.</p>
</div>
</div>
</div>
<div class="container">
<div class="main">
<div class="content">
<h1>This is up</h1>
<?
mysql_connect("localhost", "whatsupXPs1Zo", "Q0Z078mhfEw5Msvh");
mysql_select_db("whatsupVvHbE9");
$result = mysql_query("SELECT name, site, message, `when` FROM messages");
while($res = mysql_fetch_assoc($result)) {
?>
<div class="descr"><?=$res['when']?> door <a href=<?=$res['site']?>><?=$res['name']?></a></div>
<blockquote>
<p><?=$res['message']?></p>
</blockquote>
<?
}
?>
<h1>Vertel zelf</h1>
<form method="POST" action="add.php">
<label for="name">Naam</label><input type="text" name="name" id="name"/>
<div class="clearer"></div>
<label for="website">Website</label><input type="text" name="website" id="website"/>
<div class="clearer"></div>
<label for="message">What's up</label><textarea name="message" id="message"></textarea>
<div class="clearer"></div>
<label for="submit"></label><input type="submit" id="submit"/>
</form>
</div>
<div class="sidenav">
<h2>Zoek</h2>
<form method="GET" action="search.php">
<input type="text" name="search" size="16"/><input type="submit" value="zoek"/>
</form>
<h2>Over</h2>
<p>Op deze website mag iedereen vertellen hoe het met hem of haar gaat. Slechte dag gehad omdat je site is gekraakt? Ontslagen? Of juist een nieuwe baan als Security Officer? Laat het weten!</p>
</div>
<div class="clearer"><span></span></div>
</div>
<div class="footer">©2013 What's up. Template design door<a href="http://arcsin.se">Arcsin</a></div>
</body>
</html>

----------------------------------------------------------------------------------------------------------------------------------

add.php

<?
mysql_connect("localhost", "whatsupXPs1Zo", "Q0Z078mhfEw5Msvh");
mysql_select_db("whatsupVvHbE9");
if (!isset($_POST['name']) || !isset($_POST['website']) || !isset($_POST['message'])) {
    print 'Niet alle velden zijn ingevuld';
    exit;
}
$result = mysql_query("INSERT INTO messages (name, site, message) VALUES ('" . $_POST['name'] . "','" . $_POST['website'] . "','" . $_POST['message'] . "')");
if (!$result) {
    print 'Fout_IN_SQL';
    exit;
}
$id = mysql_insert_id();
header("Location: view.php?id=" . intval($id));
?>

-----------------------------------------------------------------------------------------------------------------------------

View.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1"/>
<link rel="stylesheet" type="text/css" href="contents.php?file=style.css" media="screen"/>
<title>What's up</title>
</head>
<body>
<div class="top">
<div class="header">
<div class="left"></div>
<div class="right">
<h2>What's up</h2>
<p>Deze website maakt onderdeel uit van een Certified Secure challenge en wordt beveiligd door de beste specialisten.</p>
</div>
</div>
</div>
<div class="container">
<div class="main">
<div class="content">
<h1>Bekijken_MESSAGE</h1>
<?
mysql_connect("localhost", "whatsupXPs1Zo", "Q0Z078mhfEw5Msvh");
mysql_select_db("whatsupVvHbE9");
if (isset($_GET['id'])) {
    $result = mysql_query("SELECT name, site, message, `when` FROM messages WHERE id = " . $_GET['id']);
    $res = mysql_fetch_assoc($result);
?>
<div class="descr"><?=$res['when']?> by <a href=<?=$res['site']?>><?=$res['name']?></a></div>
<blockquote>
<p><?=$res['message']?></p>
</blockquote>
<?
}
?>
<h1>Vertel zelf</h1>
<form method="POST" action="add.php">
<label for="name">Naam</label><input type="text" name="name" id="name"/>
<div class="clearer"></div>
<label for="website">Website</label><input type="text" name="website" id="website"/>
<div class="clearer"></div>
<label for="message">What's up</label><textarea name="message" id="message"></textarea>
<div class="clearer"></div>
<label for="submit"></label><input type="submit" id="submit"/>
</form>
</div>
<div class="sidenav">
<h2>Zoek</h2>
<form method="GET" action="search.php">
<input type="text" name="search" size="16"/><input type="submit" value="zoek"/>
</form>
<h2>Over</h2>
<p>Op deze website mag iedereen vertellen hoe het met hem of haar gaat. Slechte dag gehad omdat je site is gekraakt? Ontslagen? Of juist een nieuwe baan als Security Officer? Laat het weten!</p>
</div>
<div class="clearer"><span></span></div>
</div>
<div class="footer">©2013 What's up. Template design door<a href="http://arcsin.se">Arcsin</a></div>
</div>
</body>
</html>

-----------------------------------------------------------------------------------------------------------------------------

Contents.php

<?
if (!isset($_GET['file'])) {
    exit;
}
if (substr($_GET['file'], -4, 4) == '.css') {
    header('Content-type: text/css');
}
if (substr($_GET['file'], -4, 4) == '.png') {
    header('Content-type: image/png');
}
if (substr($_GET['file'], -4, 4) == '.gif') {
    header('Content-type: image/gif');
}
if (substr($_GET['file'], -4, 4) == '.jpg') {
    header('Content-type: image/jpeg');
}
if (file_exists("/var/www/contents/" . $_GET['file'])) {
    print file_get_contents("/var/www/contents/" . $_GET['file']);
}

----------------------------------------------------------------------------------------------------------------------------

Search.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1"/>
<link rel="stylesheet" type="text/css" href="contents.php?file=style.css" media="screen"/>
<title>What's up</title>
</head>
<body>
<div class="top">
<div class="header">
<div class="left"></div>
<div class="right">
<h2>What's up</h2>
<p>Deze website maakt onderdeel uit van een Certified Secure challenge en wordt beveiligd door de beste specialisten.</p>
</div>
</div>
</div>
<div class="container">
<div class="main">
<div class="content">
<h1>ResultaatS_SEARCH</h1>
<?
mysql_connect("localhost", "whatsupXPs1Zo", "Q0Z078mhfEw5Msvh");
mysql_select_db("whatsupVvHbE9");
if (isset($_GET['search'])) {
    $result = mysql_query("SELECT name, site, message, `when` FROM messages WHERE message LIKE '%" . $_GET['search'] . "%'");
    while($res = mysql_fetch_assoc($result)) {
?>
<div class="descr"><?=$res['when']?> door <a href=<?=$res['site']?>><?=$res['name']?></a></div>
<blockquote>
<p><?=$res['message']?></p>
</blockquote>
<?
    }
}
?>
<h1>Vertel zelf</h1>
<form method="POST" action="add.php">
<label for="name">Naam</label><input type="text" name="name" id="name"/>
<div class="clearer"></div>
<label for="website">Website</label><input type="text" name="website" id="website"/>
<div class="clearer"></div>
<label for="message">What's up</label><textarea name="message" id="message"></textarea>
<div class="clearer"></div>
<label for="submit"></label><input type="submit" id="submit"/>
</form>
</div>
<div class="sidenav">
<h2>Zoek</h2>
<form method="GET" action="search.php">
<input type="text" name="search" size="16"/><input type="submit" value="zoek"/>
</form>
<h2>Over</h2>
<p>Op deze website mag iedereen vertellen hoe het met hem of haar gaat. Slechte dag gehad omdat je site is gekraakt? Ontslagen? Of juist een nieuwe baan als Security Officer? Laat het weten!</p>
</div>
<div class="clearer"><span></span></div>
</div>
<div class="footer">©2013 What's up. Template design door<a href="http://arcsin.se">Arcsin</a></div>
</body>
</html>

Thanks in advance!
NA
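For reference, here are hardened counterparts of the three patterns in the posted scripts (unescaped query concatenation, raw echoing of stored values, and a user-controlled file name under /var/www/contents). This is an added example, not the poster's code or the challenge's answer key; it assumes PHP 7+ with mysqli/mysqlnd, the `messages` table from the post, and placeholder database credentials.

```php
<?php
// Added example, not the poster's code: hardened counterparts of the three
// vulnerable patterns in the posted scripts. Assumes PHP 7+ with mysqli/mysqlnd,
// the "messages" table from the post, and placeholder DB credentials.
$db = new mysqli("localhost", "DB_USER_PLACEHOLDER", "DB_PASS_PLACEHOLDER", "DB_NAME_PLACEHOLDER");
$db->set_charset("utf8mb4");
// 1. SQL injection (add.php, view.php, search.php): bind user input as a
//    parameter instead of concatenating it into the query string.
function addMessage(mysqli $db, string $name, string $site, string $message): int {
    $stmt = $db->prepare("INSERT INTO messages (name, site, message) VALUES (?, ?, ?)");
    $stmt->bind_param("sss", $name, $site, $message);
    $stmt->execute();
    return (int) $db->insert_id;
}

function searchMessages(mysqli $db, string $term): array {
    // Escape LIKE wildcards too, so "%" or "_" in the search box cannot widen the match.
    $pattern = "%" . addcslashes($term, "%_\\") . "%";
    $stmt = $db->prepare("SELECT name, site, message, `when` FROM messages WHERE message LIKE ?");
    $stmt->bind_param("s", $pattern);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// 2. XSS: encode every stored value at output time, and only emit http(s)
//    URLs inside href (the posted templates echo $res['site'] unquoted).
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, "UTF-8");
}
function safeSiteUrl(string $url): string {
    $ok = filter_var($url, FILTER_VALIDATE_URL) && preg_match('#^https?://#i', $url);
    return $ok ? e($url) : "#";
}

// 3. Path traversal (contents.php): allow-list the file name, then confirm the
//    resolved path is still under the content directory before reading it.
function serveContent(string $file): void {
    $types = ["css" => "text/css", "png" => "image/png", "gif" => "image/gif", "jpg" => "image/jpeg"];
    if (!preg_match('/^[A-Za-z0-9_-]+\.(css|png|gif|jpg)$/', $file, $m)) {
        http_response_code(404); exit;
    }
    $base = realpath("/var/www/contents");
    $path = realpath($base . DIRECTORY_SEPARATOR . $file);
    if ($path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        http_response_code(404); exit;
    }
    header("Content-Type: " . $types[$m[1]]);
    readfile($path);
}
```

In the templates, `<?= e($res['message']) ?>` and `<a href="<?= safeSiteUrl($res['site']) ?>">` replace the raw `<?=$res[...]?>` echoes, and the `id` in view.php is bound the same way with an `i` parameter instead of being appended to the query.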
gizmola Posted February 25, 2015

So you identified the problems already? If that's the case, why don't you point those out? Seems like at present you're just asking us to do your assignment for you.
NegativeAttitude (Author) Posted February 25, 2015

I tried a lot of options but nothing works; it's frustrating.
mac_gyver Posted February 26, 2015

We can only help you with specific questions and the specific code concerning each specific question. By just dumping multiple files and hundreds of lines of code on a forum, not posted using the forum's bbcode tags, no one is going to help you for free. You need to pick one problem at a time and troubleshoot what's happening to narrow it down, and just post the code that's relevant to that problem. Randomly trying a bunch of different things, without a targeted purpose and goal for each of the things you try, generally doesn't produce any results. If you have a problem with SQL injection, you need to do things that are relevant to the portion of your code where the SQL query is being built and executed.