AppSec Blog

Spot the Vuln - Proportion

Rocket science has been mythologized all out of proportion to its true difficulty.
John Carmack

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real-world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security vulnerability is. Every Friday, a solution is posted so you can check your answers. Each exercise is designed to last between 5 and 10 minutes. Do it while you drink your morning coffee and you will be on your way to writing more secure applications.

<?php
// Don't remove this lines:
require_once('../../../wp-blog-header.php');
global $lg_gallery;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "">
<html xmlns="">
<head>
    <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
    <meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />
    <title><?php echo $_GET['image'] ?></title>
    <style type="text/css">
        body { text-align:center; margin:0; padding:0; }
        img { border:none; }
    </style>
    <script type="text/javascript">
        function WinWidth(){
            if (window.innerWidth!=window.undefined) return window.innerWidth;
            if (document.compatMode=='CSS1Compat') return document.documentElement.clientWidth;
            if (document.body) return document.body.clientWidth;
            return window.undefined;
        }
        function WinHeight() {
            if (window.innerHeight!=window.undefined) return window.innerHeight;
            if (document.compatMode=='CSS1Compat') return document.documentElement.clientHeight;
            if (document.body) return document.body.clientHeight;
            return window.undefined;
        }
        function FitPic() {
            iWidth=WinWidth();
            iHeight=WinHeight();
            iWidth = document.images[0].width - iWidth;
            iHeight = document.images[0].height - iHeight;
            window.resizeBy((iWidth), (iHeight))
            self.focus();
        }
    </script>
</head>
<body onload="FitPic()">
    <a href="javascript:self.close()" title="<?php _e('Click to close', $lg_text_domain); ?>">
        <img src="<?php echo str_replace(" ", "%20", $lg_gallery->address.$_GET['folder'].$_GET['image']); ?>" alt="<?php echo $_GET['image']; ?>" />
    </a>
</body>
</html>
<?php ?>
About the Authors:
Brett Hardin and Billy Rios run, a website dedicated to helping developers understand secure coding practices.

