AppSec Blog

Spot the Vuln - Writing

Writing is a struggle against silence.
Carlos Fuentes

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security vulnerability is. Every Friday, a solution is posted so you can check your answers. Each exercise is designed to last between 5 and 10 minutes. Do it while you drink your morning coffee and you will be on your way to writing more secure applications.


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title> </title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<?php
include("./config.php");
include("./functions.php");

$query = $_SERVER['QUERY_STRING'];
parse_str($query);

ConnectToDB($server, $user, $pw, $dbname);
?>

<style type="text/css">
<!--
@import url("./style.css");
-->
</style>

<script>
<!--
function setfocus()
{
document.form1.cmd.focus();
document.form1.logfield.scrollTop = '9999';
}
-->
</script>

</head>

<body onload="setfocus()">
<?php 
if($_POST['pw']!=$botpw)
{
?>
<table width="242" border="0" cellpadding="0" cellspacing="0" bgcolor="#D0EAD2" class="tableborder">
  <!--DWLayoutTable-->
  <tr>
    <td width="239" height="44" valign="top"><form action="./control.php" method="post" name="login" id="login">
        Password:<br>
        <input name="pw" type="password" id="pw">
        <input name="login" type="submit" id="login" value="Login">
    </form></td>
  </tr>
</table>
<?php
}
else
{
?> 
<table width="516" border="0" cellpadding="0" cellspacing="0" bgcolor="#D5E1F0" class="tableborder">
        <!--DWLayoutTable-->
        <tr>
          <td width="78" height="43" valign="middle"><form action="./control.php" method="post" name="logout" id="logout">
              <input name="logout" type="submit" id="logout" value="Logout">
          </form></td>
          <td width="143" valign="middle"><form action="./control.php" method="post" name="command" id="command">
              <input name="command" type="submit" id="command" value="Command center">
              <input name="pw" type="hidden" id="pw" value="<?php echo($_POST['pw']); ?>">
          </form></td>
  <td width="193" valign="middle"><form action="./control.php" method="post" name="queue" id="queue">
              <input name="queue" type="submit" id="queue" value="Manage commandqueue">
              <input name="pw" type="hidden" id="pw" value="<?php echo($_POST['pw']); ?>">
          </form></td>
          <td width="101" valign="middle"><form action="./control.php" method="post" name="logdel" id="logdel">
              <input name="logdel" type="submit" id="logdel" value="Delete log">
              <input name="pw" type="hidden" id="pw" value="<?php echo($_POST['pw']); ?>">
          </form></td>
        </tr>
</table>
<?php
if(isset($_POST['queue']))
{

if(isset($_POST['action']))
{
if($_POST['action']==2)
{
DeleteCommandsFromQueue();
}

if($_POST['action']==4)
{
EditCommandForBot();
}
}

if($_POST['action']!=3)
{
?>
<br>
<form action="./control.php" method="post" name="form1" id="form1">
<table width="648" border="0" cellpadding="0" cellspacing="0" bgcolor="#F2ECD7" class="tableborder">
  <!--DWLayoutTable-->
  <tr>
    <td height="486" colspan="2" valign="top">Bot:<br>
          <select name="botselect" id="botselect">
  <?php
  ShowAllBotsCmdList();
  ?>
        </select>

About the Authors:
Brett Hardin and Billy Rios run spotthevuln.com, a website dedicated to helping developers understand secure coding practices. You can find out more about the authors by visiting http://spotthevuln.com/about-spot-the-vuln/

Post a Comment






Captcha


* Indicates a required field.