Extended Basic 7

Learn how to do code review

Re: Extended Basic 7

Post by goluhaque on Wed Jan 27, 2010 1:48 am
([msg=33968]see Re: Extended Basic 7[/msg])

I know the line where the bug is. Is the function we have to use html_en**ty_de****()?
If it's a spoiler, sorry. I'm clueless.
(23:45:03) hauk: I guess you are over the best part of your life when 4-year-olds say "Are you an evil man?"
(23:46:19) hauk: and "Ima punch you in the pecker"


Re: Extended Basic 7

Post by eljonto on Wed Jan 27, 2010 5:26 pm
([msg=33998]see Re: Extended Basic 7[/msg])

goluhaque wrote: I know the line where the bug is. Is the function we have to use html_en**ty_de****()?

No
-Quis custodiet ipsos custodes?, Juvenal


Re: Extended Basic 7

Post by Bv202 on Mon Mar 08, 2010 8:24 am
([msg=36305]see Re: Extended Basic 7[/msg])

This ******.

I know exactly what the bug and vuln is. I also know how to fix it, but it just doesn't accept my answer.

Can't I just PM someone with my answer so you could give me a hint what's wrong? I can't post what I'm doing without spoiling everything.


Re: Extended Basic 7

Post by nermd on Mon Mar 08, 2010 9:42 am
([msg=36310]see Re: Extended Basic 7[/msg])

You can send me a PM ...
With this world there is no understanding; we belong there only to the extent that we rebel against it (Theodor W. Adorno) --> if somebody knows an "official" translation for the well-known German quote ... please let me know!


Re: Extended Basic 7

Post by Bv202 on Mon Mar 08, 2010 2:24 pm
([msg=36319]see Re: Extended Basic 7[/msg])

I will, thanks ;)


Re: Extended Basic 7

Post by tremor77 on Fri Apr 02, 2010 12:35 am
([msg=37602]see Re: Extended Basic 7[/msg])

I saw the problems in the code as soon as I opened the page...

That being said, it took a little over 3 hours to get the 'right' fix as you have it... You should consider editing the mission answer check for the other possible answers that IMHO are also very much correct...

sorry if this has been said a billion times but I just needed to vent that. :evil: :twisted:


Re: Extended Basic 7

Post by trandoanhung1991 on Thu May 27, 2010 9:19 pm
([msg=39176]see Re: Extended Basic 7[/msg])

Ok, so I changed the method, and used htmls***********_d*c*** with ENT_QUOTES. What else do I need? Sorry if I sound rude but this one's getting on my nerves :lol:


Re: Extended Basic 7

Post by st0w on Mon Jun 21, 2010 8:25 am
([msg=40538]see Re: Extended Basic 7[/msg])

trandoanhung1991 wrote: Ok, so I changed the method, and used htmls***********_d*c*** with ENT_QUOTES. What else do I need? Sorry if I sound rude but this one's getting on my nerves :lol:

That's not the right function to use. Think about what the function you're talking about would do. Think about what type of attack you're trying to prevent. Are the answers to those questions the same, or are they mutually exclusive?

As has already been said multiple times - there are several perfectly valid ways to prevent exploitation of the presented vuln. And the code should really allow any of the various alternatives... But currently, it does not. Which can be helpful on the one hand, because it forces you to think about all the different ways you can accomplish the task. Unless, of course, your first guess is the right one. :)


Re: Extended Basic 7

Post by kaoS555 on Thu Jul 22, 2010 11:37 pm
([msg=42542]see Re: Extended Basic 7[/msg])

OMG this one took me forever to figure out, but I just got it after visiting a few of the links provided in this thread. It is all in how you sanitize to prevent the XSS vuln, I feel so special now. :mrgreen:


Re: Extended Basic 7

Post by Mr Fredward on Wed Aug 18, 2010 12:32 pm
([msg=43893]see Re: Extended Basic 7[/msg])

I cheated and looked up the answer after 2 hours of trying to guess what kind of sanitization the knucklehead who wrote this challenge liked best. Since the challenge is about identifying the vulnerability, not wasting your life guessing sanitization, I don't think it's a spoiler to say: don't waste time with PHP sanitization functions like I did, and instead look at string functions meant to encode special chars, particularly chars that are special in HTML. *wink wink nudge nudge*

http://www.php.net/manual/en/ref.strings.php

All you need to do is sanitize and fix a simple bug, don't overthink it and change the way it gets the dangerous string entirely.
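The contrast st0w and Mr Fredward are pointing at (entity *decoding* turns text back into markup, while an *encoding* string function neutralises the characters a browser treats as markup) is easier to see side by side. The snippet below is an added example written for this thread; it is not the mission's own code and makes no claim about which line the mission's bug is on. The input value and the `renderRaw`/`renderDecoded`/`renderEncoded`/`renderCompatSingleQuoted` function names are constructed for the illustration.

```php
<?php
declare(strict_types=1);

// Added example, not the challenge code. The value below is a constructed
// stand-in for attacker-controlled input reflected into an HTML attribute.
$userInput = '"><script>alert(\'xss\')</script><a b="';

// Vulnerable: the raw value is concatenated straight into the markup.
function renderRaw(string $value): string
{
    return '<input type="text" name="q" value="' . $value . '">';
}

// Wrong fix: decoding entities goes the wrong direction. A value that is
// already raw markup passes through untouched, and a value containing
// &lt;script&gt; is turned *into* <script>.
function renderDecoded(string $value): string
{
    return '<input type="text" name="q" value="'
        . html_entity_decode($value, ENT_QUOTES, 'UTF-8') . '">';
}

// Correct direction: encode the HTML-special characters (& < > " ') so the
// browser renders them as text. ENT_QUOTES covers single quotes as well,
// which is what makes the output safe inside either kind of attribute quote.
function renderEncoded(string $value): string
{
    return '<input type="text" name="q" value="'
        . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '">';
}

// Caveat worth knowing when choosing flags: with ENT_COMPAT (the default
// before PHP 8.1) a single quote is left alone, so a single-quoted attribute
// built this way can still be terminated early by a ' in the input.
function renderCompatSingleQuoted(string $value): string
{
    return "<input type='text' name='q' value='"
        . htmlspecialchars($value, ENT_COMPAT, 'UTF-8') . "'>";
}

foreach (['renderRaw', 'renderDecoded', 'renderEncoded'] as $fn) {
    echo str_pad($fn, 14), ': ', $fn($userInput), PHP_EOL;
}

// Entity decoding creating markup out of harmless-looking text:
echo 'renderDecoded : ', renderDecoded('&lt;b&gt;bold&lt;/b&gt;'), PHP_EOL;

// The ENT_COMPAT gap: the apostrophe survives and closes the attribute early.
echo 'ENT_COMPAT    : ', renderCompatSingleQuoted("o'reilly"), PHP_EOL;
echo 'ENT_QUOTES    : ',
    "<input type='text' name='q' value='"
    . htmlspecialchars("o'reilly", ENT_QUOTES, 'UTF-8') . "'>", PHP_EOL;
```

Run it with `php example.php` and compare the `renderRaw` and `renderEncoded` lines: the first closes the `value` attribute and injects a `<script>` element, the second renders the whole string as literal text inside the attribute. The last two lines show why the flag matters as much as the function: the same input is still a quote-breakout under ENT_COMPAT and is rendered as `&#039;` under ENT_QUOTES.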