AppSec Blog

Spot the Vuln - Radical

When you are right, you cannot be too radical; When you are wrong, you cannot be too conservative.
- Martin Luther King, Jr.

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security vulnerability is. Every Friday, a solution is posted so you can check your answers. Each exercise is designed to last between 5 and 10 minutes. Do it while you drink your morning coffee and you will be on your way to writing more secure applications.

<?php if ($data!=") { ?> <img src="/generator/?generate=<?php echo urlencode($data)?>"/> <?php } ?> </div><br/> <form action="/generator/" name="wizard" method="post" class="BezahlCodeForm"> <label for="singlepayment"><input type="radio" id="singlepayment" name="gen_type" value="singlepayment" <?php if($_REQUEST['gen_type']=="singlepayment" || empty($_REQUEST['gen_type'])) echo 'checked="checked"'?> /> &Uuml;berweisung</label><br /> <label for="singlepaymentspende"><input type="radio" id="singlepaymentspende" name="gen_type" value="singlepaymentspende" <?php if($_REQUEST['gen_type']=="singlepaymentspende") echo 'checked="checked"'?>/> Spendenzahlung</label><br /> <label for="singledirectdebit"><input type="radio" id="singledirectdebit" name="gen_type" value="singledirectdebit" <?php if($_REQUEST['gen_type']=="singledirectdebit") echo 'checked="checked"'?>/> Lastschrift</label><br /> Name:<br /><input type="text" tooltipText="Format: DTAUS Text" id="gen_name" onblur="checkInput(this, 'dtaus')" name="gen_name" maxlength="27" value="<?= isset($_REQUEST['gen_name'])?$_REQUEST['gen_name']:""?>"> <br /> Kontonummer:<br /><input type="text" tooltipText="Format: Ganzzahl z.B. 1234" id="gen_account" onblur="checkInput(this, 'ganzzahl')" name="gen_account" value="<?= isset($_REQUEST['gen_account'])?$_REQUEST['gen_account']:""?>" > <br /> BLZ:<br /><input type="text" tooltipText="Format: Ganzzahl z.B. 1234" id="gen_BNC" onblur="checkInput(this, 'ganzzahl')" name="gen_BNC" value="<?= isset($_REQUEST['gen_BNC'])?$_REQUEST['gen_BNC']:""?>" > <br /> Betrag in Euro (z.B. 1234,50) <br /><input type="text" tooltipText="Format: Dezimalzahl z.B. 1234,50" onblur="checkInput(this, 'dezimalzahl')" id="gen_amount" name="gen_amount" value="<?= isset($_REQUEST['gen_amount'])?$_REQUEST['gen_amount']:""?>" > <br /> Verwendungszweck:<br /><input type="text" id="gen_reason" tooltipText="Format: DTAUS Text" onblur="checkInput(this, 'dtaus')" name="gen_reason" maxlength="54" value="<?= isset($_REQUEST['gen_reason'])?$_REQUEST['gen_reason']:""?>" > <br/> <input type="button" value="Erstellen" onclick='javascript:generateImage();'> </form> <?php if(!(get_option("bezahlcode_showlink") == "hidden")) {?> <br /> <span class="bezahlCodeLink">Weitere Informationen: <a href="" title="BezahlCode - Schnell, einfach und sicher bezahlen" target="_blank"></a></span> <?php } ?> </div> <script type="text/javascript"> var tooltipObj = new DHTMLgoodies_formTooltip(); tooltipObj.initFormFieldTooltip(); </script>
About the Authors:
Brett Hardin and Billy Rios run, a website dedicated to helping developers understand secure coding practices. You can find out more about the authors by visiting

Post a Comment - Cancel Reply


* Indicates a required field.