AppSec Blog

Spot the Vuln - Invincible

In ancient times skillful warriors first made themselves invincible, and then watched for vulnerability in their opponents.
Sun Tzu

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security vulnerability is. Every Friday, a solution is posted so you can check your answers. Each exercise is designed to last between 5 and 10 minutes. Do it while you drink your morning coffee and you will be on your way to writing more secure applications.

<?php
# Visit this file in your browser to simulate a mobile device's screensize via an <iframe>
$devices = array(
    'iphone_p' => array(
        'type'   => 'iPhone: portrait (320×480)',
        'width'  => 320,
        'height' => 480
    ),
    'iphone_l' => array(
        'type'   => 'iPhone: landscape (480×320)',
        'width'  => 480,
        'height' => 320
    ),
    'moto' => array(
        'type'   => 'Motorola phone/browser (RAZR, v551, etc)',
        'width'  => 176,
        'height' => 220
    ),
    'n80' => array(
        'type'   => 'Nokia N80 (N60WebKit)',
        'width'  => 352,
        'height' => 416
    )
);

if ( (int) $_REQUEST['w'] && (int) $_REQUEST['h'] ) {
    $choice = array(
        'type'   => "Custom size ({$_REQUEST['w']}x{$_REQUEST['h']})",
        'width'  => $_REQUEST['w'],
        'height' => $_REQUEST['h']
    );
} elseif ( $devices[$_REQUEST['d']] )
    $choice = $devices[$_REQUEST['d']];
else
    $choice = $devices['iphone_p'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>WPhone iFramer test tool: <?php echo $choice['type']; ?></title>
</head>
<body>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
    <label for="h">CHOOSE</label>
    <select name="d" id="d">
        <option></option>
<?php
foreach ( $devices as $this_d_key => $this_d ) {
    $selected = ( $_REQUEST['d'] == $this_d_key ) ? 'selected' : '';
    echo '<option value="' . $this_d_key . '" ' . $selected . '>' . $this_d['type'] . '</option>' . "\n\t\t\t";
}
echo "\n";
?>
    </select>
    <br />OR INPUT
    <label for="w">Width</label>
    <input type="text" name="w" id="w" value="" size="5" /> x
    <label for="h">Height</label>
    <input type="text" name="h" id="h" value="" size="5" />
    <br />
    <input type="submit" name="submit" value="view" />
</form>
<h2><?php echo $choice['type']; ?></h2>
<iframe src="../../../wp-login.php" width="<?php echo $choice['width']; ?>" height="<?php echo $choice['height']; ?>">your browser does not support iframes.</iframe>
</body>
</html>
About the Authors:
Brett Hardin and Billy Rios run spotthevuln.com, a website dedicated to helping developers understand secure coding practices. You can find out more about the authors by visiting http://spotthevuln.com/about-spot-the-vuln/
