Writing is a struggle against silence.
Carlos Fuentes
Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real-world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security vulnerability is. Every Friday, a solution is posted so you can check your answers. Each exercise is designed to last between 5 and 10 minutes. Do it while you drink your morning coffee and you will be on your way to writing more secure applications.
```php
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title> </title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<?php
include("./config.php");
include("./functions.php");
$query = $_SERVER['QUERY_STRING'];
parse_str($query);
ConnectToDB($server, $user, $pw, $dbname);
?>
<style type="text/css">
<!--
@import url("./style.css");
-->
</style>
<script>
<!--
function setfocus() {
  document.form1.cmd.focus();
  document.form1.logfield.scrollTop = '9999';
}
-->
</script>
</head>
<body onload="setfocus()">
<?php if($_POST['pw']!=$botpw) { ?>
<table width="242" border="0" cellpadding="0" cellspacing="0" bgcolor="#D0EAD2" class="tableborder">
<!--DWLayoutTable-->
<tr>
<td width="239" height="44" valign="top"><form action="./control.php" method="post" name="login" id="login">
Password:<br>
<input name="pw" type="password" id="pw">
<input name="login" type="submit" id="login" value="Login">
</form></td>
</tr>
</table>
<?php } else { ?>
<table width="516" border="0" cellpadding="0" cellspacing="0" bgcolor="#D5E1F0" class="tableborder">
<!--DWLayoutTable-->
<tr>
<td width="78" height="43" valign="middle"><form action="./control.php" method="post" name="logout" id="logout">
<input name="logout" type="submit" id="logout" value="Logout">
</form></td>
<td width="143" valign="middle"><form action="./control.php" method="post" name="command" id="command">
<input name="command" type="submit" id="command" value="Command center">
<input name="pw" type="hidden" id="pw" value="<?php echo($_POST['pw']); ?>">
</form></td>
<td width="193" valign="middle"><form action="./control.php" method="post" name="queue" id="queue">
<input name="queue" type="submit" id="queue" value="Manage commandqueue">
<input name="pw" type="hidden" id="pw" value="<?php echo($_POST['pw']); ?>">
</form></td>
<td width="101" valign="middle"><form action="./control.php" method="post" name="logdel" id="logdel">
<input name="logdel" type="submit" id="logdel" value="Delete log">
<input name="pw" type="hidden" id="pw" value="<?php echo($_POST['pw']); ?>">
</form></td>
</tr>
</table>
<?php
if(isset($_POST['queue'])) {
  if(isset($_POST['action'])) {
    if($_POST['action']==2) { DeleteCommandsFromQueue(); }
    if($_POST['action']==4) { EditCommandForBot(); }
  }
  if($_POST['action']!=3) {
?>
<br>
<form action="./control.php" method="post" name="form1" id="form1">
<table width="648" border="0" cellpadding="0" cellspacing="0" bgcolor="#F2ECD7" class="tableborder">
<!--DWLayoutTable-->
<tr>
<td height="486" colspan="2" valign="top">Bot:<br>
<select name="botselect" id="botselect">
<?php ShowAllBotsCmdList(); ?>
</select>
```
About the Authors:
Brett Hardin and Billy Rios run spotthevuln.com, a website dedicated to helping developers understand secure coding practices. You can find out more about the authors by visiting http://spotthevuln.com/about-spot-the-vuln/