phillips321 Posted October 17, 2007 Share Posted October 17, 2007 Hi guys, my website www.forumpix.co.uk is working pretty well so far. The main idea of the site is that you can upload images to host on forums (test it here if you want). Once you have uploaded your first image you shouldn't have to type in the verification code again (stores a cookie) If you revisit the site it should show you your most recent uploaded image (uses a cookie), you can also then turn off this option by clicking the link under the last uploaded image. Any chance you guys can see if it can be broken for me? Cheers Matt Link to comment https://forums.phpfreaks.com/topic/73604-try-to-break-my-small-upload-site-forumpixcouk/ Share on other sites More sharing options...
agentsteal Posted October 17, 2007 Share Posted October 17, 2007 CAPTCHA: The solution for the CAPTCHA is on the page. CAPTCHA: You can bypass the CAPTCHA by setting the showverify cookie to false. Cross Site Scripting: There is Cross Site Scripting if you set the lastimage cookie to ">code. Directory Transversal: There is Directory Transversal if you set the lastimage cookie to ../icons/a.gif. Link to comment https://forums.phpfreaks.com/topic/73604-try-to-break-my-small-upload-site-forumpixcouk/#findComment-371951 Share on other sites More sharing options...
brent123456 Posted October 18, 2007 Share Posted October 18, 2007 That random image thing is a Goatise waiting to happen. Link to comment https://forums.phpfreaks.com/topic/73604-try-to-break-my-small-upload-site-forumpixcouk/#findComment-372028 Share on other sites More sharing options...
phillips321 Posted October 20, 2007 Author Share Posted October 20, 2007 Thanks for the help on this. $lastimage is simply the output of time() so is only a number setcookie('lastimage',$image_number,time()+(60*60*24*365)); how do i make sure that when the lastimage cookie is read in that only valid numbers are allowed? and things like "../../directory/directory/img.jpg" are not allowed? cheers Link to comment https://forums.phpfreaks.com/topic/73604-try-to-break-my-small-upload-site-forumpixcouk/#findComment-374176 Share on other sites More sharing options...
php_tom Posted October 20, 2007 Share Posted October 20, 2007 I think you're naming the images by the timestamp of when they were uploaded... what happens if two people upload a file during the same second? I tried to do it, it seems that on image overwrote the other. Link to comment https://forums.phpfreaks.com/topic/73604-try-to-break-my-small-upload-site-forumpixcouk/#findComment-374182 Share on other sites More sharing options...
phillips321 Posted October 20, 2007 Author Share Posted October 20, 2007 i thort about the use of time() and did realise the 1sec problem, i'm going to implement the naming a little better to improve. im still unsure how to validate the cookie value of 'lastimage' the value last image should only be "", "noimage" or a number any ideas? Link to comment https://forums.phpfreaks.com/topic/73604-try-to-break-my-small-upload-site-forumpixcouk/#findComment-374235 Share on other sites More sharing options...
phillips321 Posted October 31, 2007 Author Share Posted October 31, 2007 Here we will upload a sample image: Link to comment https://forums.phpfreaks.com/topic/73604-try-to-break-my-small-upload-site-forumpixcouk/#findComment-381981 Share on other sites More sharing options...
Azu Posted November 12, 2007 Share Posted November 12, 2007 i thort about the use of time() and did realise the 1sec problem, i'm going to implement the naming a little better to improve. im still unsure how to validate the cookie value of 'lastimage' the value last image should only be "", "noimage" or a number any ideas? if($uservariable='noimage')$var='no'; elseif(ctype_digit($uservariable))$var=$uservariable;//Feel free to add intval() around this but it shouldn't be needed elseif($uservariable!=''){echo'XSS detected';die();} Link to comment https://forums.phpfreaks.com/topic/73604-try-to-break-my-small-upload-site-forumpixcouk/#findComment-389907 Share on other sites More sharing options...
Recommended Posts