I have always been afraid of banks.
- Andrew Jackson
Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security vulnerability is. Every Friday, a solution is posted so you can check your answers. Each exercise is designed to last between 5 and 10 minutes. Do it while you drink your morning coffee and you will be on your way to writing more secure applications.
...snip...
<?php
($hook = get_hook('li_forgot_pass_end')) ? eval($hook) : null;
$tpl_temp = forum_trim(ob_get_contents());
$tpl_main = str_replace('<!- forum_main ->', $tpl_temp, $tpl_main);
ob_end_clean();
// END SUBST - <!- forum_main ->
require FORUM_ROOT.'footer.php';
}
if (!$forum_user['is_guest'])
header('Location: '.forum_link($forum_url['index']));
// Setup form
$forum_page['group_count'] = $forum_page['item_count'] = $forum_page['fld_count'] = 0;
$forum_page['form_action'] = forum_link($forum_url['login']);
$forum_page['hidden_fields'] = array(
'form_sent'=> '<input type="hidden" name="form_sent" value="1" />',
'redirect_url'=> '<input type="hidden" name="redirect_url" value="'.forum_htmlencode($forum_user['prev_url']).'" />',
'csrf_token'=> '<input type="hidden" name="csrf_token" value="'.generate_form_token($forum_page['form_action']).'" />'
);
// Setup breadcrumbs
$forum_page['crumbs'] = array(
array($forum_config['o_board_title'], forum_link($forum_url['index'])),
array(sprintf($lang_login['Login info'], $forum_config['o_board_title']), forum_link($forum_url['login']))
);
($hook = get_hook('li_login_pre_header_load')) ? eval($hook) : null;
define('FORUM_PAGE', 'login');
require FORUM_ROOT.'header.php';
// START SUBST - <!- forum_main ->
ob_start();
($hook = get_hook('li_login_output_start')) ? eval($hook) : null;
?>
<div class="main-head">
<h2 class="hn"><span><?php echo sprintf($lang_login['Login info'], $forum_config['o_board_title']) ?></span></h2>
</div>
<div class="main-content main-frm">
<div class="content-head">
<p class="hn"><?php printf($lang_login['Login options'], '<a href="'.forum_link($forum_url['register']).'">'.$lang_login['register'].'</a>', '<a href="'.forum_link($forum_url['request_password']).'">'.$lang_login['Obtain pass'].'</a>') ?></p>
</div>
<?php
// If there were any errors, show them
if (!empty($errors))
{
$forum_page['errors'] = array();
foreach ($errors as $cur_error)
$forum_page['errors'][] = '<li class="warn"><span>'.$cur_error.'</span></li>';
($hook = get_hook('li_pre_login_errors')) ? eval($hook) : null;
?>
<div class="ct-box error-box">
<h2 class="warn hn"><?php echo $lang_login['Login errors'] ?></h2>
<ul class="error-list">
<?php echo implode("\n\t\t\t\t", $forum_page['errors'])."\n" ?>
</ul>
</div>
<?php
}
?>
<div id="req-msg" class="req-warn ct-box error-box">
<p class="important"><?php printf($lang_common['Required warn'], '<em>'.$lang_common['Required'].'</em>') ?></p>
</div>
<form id="afocus" class="frm-form" method="post" accept-charset="utf-8" action="<?php echo $forum_page['form_action'] ?>">
<div class="hidden">
<?php echo implode("\n\t\t\t\t", $forum_page['hidden_fields'])."\n" ?>
</div>
<?php ($hook = get_hook('li_login_pre_login_group')) ? eval($hook) : null; ?>
<div class="frm-group group<?php echo ++$forum_page['group_count'] ?>">
<?php ($hook = get_hook('li_login_pre_username')) ? eval($hook) : null; ?>
<div class="sf-set set<?php echo ++$forum_page['item_count'] ?>">
<div class="sf-box text required">
<label for="fld<?php echo ++$forum_page['fld_count'] ?>"><span><?php echo $lang_login['Username'] ?> <em><?php echo $lang_common['Required'] ?></em></span></label><br />
<span class="fld-input"><input type="text" id="fld<?php echo $forum_page['fld_count'] ?>" name="req_username" value="<?php echo isset($_POST['req_username']) ? forum_htmlencode($_POST['req_username']) : " ?>" size="35" maxlength="25" /></span>
</div>
</div>
<?php ($hook = get_hook('li_login_pre_pass')) ? eval($hook) : null; ?>
<div class="sf-set set<?php echo ++$forum_page['item_count'] ?>">
<div class="sf-box text required">
<label for="fld<?php echo ++$forum_page['fld_count'] ?>"><span><?php echo $lang_login['Password'] ?> <em><?php echo $lang_common['Required'] ?></em></span></label><br />
<span class="fld-input"><input type="password" id="fld<?php echo $forum_page['fld_count'] ?>" name="req_password" value="<?php echo isset($_POST['req_password']) ? ($_POST['req_password']) : " ?>" size="35" /></span>
</div>
</div>
<?php ($hook = get_hook('li_login_pre_remember_me_checkbox')) ? eval($hook) : null; ?>
<div class="sf-set set<?php echo ++$forum_page['item_count'] ?>">
<div class="sf-box checkbox">
<span class="fld-input"><input type="checkbox" id="fld<?php echo ++$forum_page['fld_count'] ?>" name="save_pass" value="1" /></span>
<label for="fld<?php echo $forum_page['fld_count'] ?>"><span><?php echo $lang_login['Remember me'] ?></span> <?php echo $lang_login['Persistent login'] ?></label>
</div>
</div>
<?php ($hook = get_hook('li_login_pre_group_end')) ? eval($hook) : null; ?>
</div>
<?php ($hook = get_hook('li_login_group_end')) ? eval($hook) : null; ?>
<div class="frm-buttons">
<span class="submit"><input type="submit" name="login" value="<?php echo $lang_login['Login'] ?>" /></span>
</div>
</form>
</div>
<?php
($hook = get_hook('li_end')) ? eval($hook) : null;
$tpl_temp = forum_trim(ob_get_contents());
$tpl_main = str_replace('<!- forum_main ->', $tpl_temp, $tpl_main);
ob_end_clean();
// END SUBST - <!- forum_main ->
require FORUM_ROOT.'footer.php';
About the Authors:
Brett Hardin and Billy Rios run spotthevuln.com, a website dedicated to helping developers understand secure coding practices. You can find out more about the authors by visiting http://spotthevuln.com/about-spot-the-vuln/
Post a Comment
* Indicates a required field.