Try to break my small upload site - forumpix.co.uk


phillips321

Hi guys,

My website www.forumpix.co.uk is working pretty well so far.

The main idea of the site is that you can upload images to host on forums (test it here if you want).

Once you have uploaded your first image you shouldn't have to type in the verification code again (stores a cookie).

If you revisit the site it should show you your most recent uploaded image (uses a cookie). You can also then turn off this option by clicking the link under the last uploaded image.

Any chance you guys can see if it can be broken for me?

Cheers

Matt


CAPTCHA:

The solution for the CAPTCHA is on the page.

CAPTCHA:

You can bypass the CAPTCHA by setting the showverify cookie to false.

Cross Site Scripting:

There is Cross Site Scripting if you set the lastimage cookie to ">code.

Directory Traversal:

There is Directory Traversal if you set the lastimage cookie to ../icons/a.gif.


Thanks for the help on this.

$lastimage is simply the output of time() so is only a number

setcookie('lastimage',$image_number,time()+(60*60*24*365));

How do I make sure that when the lastimage cookie is read in, only valid numbers are allowed, and things like "../../directory/directory/img.jpg" are not allowed?

Cheers

I thought about the use of time() and did realise the 1sec problem. I'm going to implement the naming a little better to improve.

I'm still unsure how to validate the cookie value of 'lastimage'.

The value last image should only be "", "noimage" or a number.

Any ideas?

  • 2 weeks later...

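// Only "noimage", digits or an empty value are accepted
if($uservariable==='noimage')$var='no';
elseif(ctype_digit($uservariable))$var=$uservariable;//Feel free to add intval() around this but it shouldn't be needed
// Anything else that is not empty is rejected
elseif($uservariable!=''){echo'XSS detected';die();}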

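An added example, not code from any poster in this thread or from the site itself: one way to validate the lastimage cookie against the three allowed forms, build the file path on the server, and HTML-encode the value on output, which addresses both the Cross Site Scripting and the directory traversal reports above. The upload directory, URL prefix, .jpg extension, 20-character cap and function names are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed upload directory and URL prefix; the thread does not show the site's layout.
const UPLOAD_DIR = __DIR__ . '/uploads';
const UPLOAD_URL = '/uploads';

// Allowlist check for the lastimage cookie: "", "noimage" or digits only.
// Returns the accepted value, or null for anything else.
function validate_lastimage($raw): ?string
{
    if (!is_string($raw)) {          // lastimage[]=x arrives as an array
        return null;
    }
    if ($raw === '' || $raw === 'noimage') {
        return $raw;
    }
    // ctype_digit() is false for '', signs, dots, slashes, quotes and newlines.
    // The 20-character cap is an assumed bound for a time()-style id.
    return (strlen($raw) <= 20 && ctype_digit($raw)) ? $raw : null;
}

// Builds the <img> tag for a cookie value, or '' when there is nothing safe to show.
function last_image_html($raw): string
{
    $id = validate_lastimage($raw);
    if ($id === null || $id === '' || $id === 'noimage') {
        return '';
    }
    // The server builds the path from the validated id (.jpg is assumed);
    // the cookie never supplies directory or extension parts.
    $name = $id . '.jpg';
    if (!is_file(UPLOAD_DIR . '/' . $name)) {
        return '';
    }
    // Encode on output too, so the markup stays safe if the rule above changes.
    $src = htmlspecialchars(UPLOAD_URL . '/' . $name, ENT_QUOTES, 'UTF-8');
    return '<img src="' . $src . '" alt="Last uploaded image">';
}

// Constructed sample values, including the two reported in this thread.
$samples = ['', 'noimage', '1262304000', '">code', '../icons/a.gif', "123\n", ['x']];
foreach ($samples as $sample) {
    var_dump(validate_lastimage($sample));
}
```

In a page this would be called as last_image_html($_COOKIE['lastimage'] ?? ''), so a missing cookie is treated the same as an empty one.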
