Page 8 of 9

Re: Extended Basic 7

Posted: Fri Aug 31, 2012 4:05 am
by Monkey_master
When I try to enter the code, it says "Error! CSRF attack blocked". What's with that?

Re: Extended Basic 7

Posted: Thu Jan 10, 2013 5:15 pm
by ChronosX
This mission is bad. Why? Using <?= ?> tags makes the code more unreadable and it isn't on the first page of the PHP reference linked below. You don't need $_SERVER['PHP_SELF']; leaving it blank like <form action=""> will work fine. This mission also suggests that using htmlspecialchars() will prevent XSS; it might in this case, but often it is not enough.

Good resources:

http://markjaquith.wordpress.com/2009/09/21/php-server-vars-not-safe-in-forms-or-links/
http://www.wonko.com/post/html-escaping
http://blog.astrumfutura.com/2012/03/a-hitchhikers-guide-to-cross-site-scripting-xss-in-php-part-1-how-not-to-use-htmlspecialchars-for-output-escaping/
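
An added example, not part of the thread and not the mission's own script, illustrating the two points in the post above: what happens when PHP_SELF is echoed into a form action, and a case where htmlspecialchars() alone is not enough. The function names and both sample inputs are constructed for illustration.

```php
<?php
// Added illustration, not the mission's script. $phpSelf is a constructed
// sample: PHP_SELF includes any path info the client appends after the script.
$phpSelf = '/form.php/"><b>injected</b>';

// Raw echo: the " ends the action attribute and the rest becomes page markup.
function actionRaw(string $self): string {
    return '<form action="' . $self . '" method="post">';
}

// Escaped for a double-quoted attribute: & " ' < > are emitted as entities.
function actionEscaped(string $self): string {
    return '<form action="' . htmlspecialchars($self, ENT_QUOTES, 'UTF-8') . '" method="post">';
}

// Empty action (the alternative suggested in the thread): nothing is reflected.
function actionEmpty(): string {
    return '<form action="" method="post">';
}

// Where escaping alone falls short: ENT_COMPAT (the default before PHP 8.1)
// leaves ' untouched, so a single-quoted attribute can still be closed.
function singleQuotedAttr(string $value, int $flags): string {
    return "<input name='q' value='" . htmlspecialchars($value, $flags, 'UTF-8') . "'>";
}

$value = "x' title='injected";   // constructed sample input

$cases = [
    'raw PHP_SELF'        => actionRaw($phpSelf),
    'escaped PHP_SELF'    => actionEscaped($phpSelf),
    'empty action'        => actionEmpty(),
    "ENT_COMPAT in '...'" => singleQuotedAttr($value, ENT_COMPAT),
    "ENT_QUOTES in '...'" => singleQuotedAttr($value, ENT_QUOTES),
];

foreach ($cases as $label => $html) {
    // An injected element or attribute shows up as unescaped markup.
    $broken = strpos($html, '<b>') !== false || strpos($html, " title='injected") !== false;
    printf("%-22s %s  %s\n", $label, $broken ? 'INJECTED' : 'ok', $html);
}
```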

Re: Extended Basic 7

Posted: Thu Jan 10, 2013 6:58 pm
by fashizzlepop
The point of this mission isn't to show good coding practices. In fact, quite the opposite. It is geared toward having you read other people's code, spot bugs, and patch them.

Re: Extended Basic 7

Posted: Thu Jan 10, 2013 8:33 pm
by jeremia
I finally got it, I've typed the solution 5 times just because I added a ; at the end of my PHP =)
Please, fix your validation code xD

Re: Extended Basic 7

Posted: Fri Jan 11, 2013 2:49 am
by fashizzlepop
jeremia wrote: I finally got it, I've typed the solution 5 times just because I added a ; at the end of my PHP =)
Please, fix your validation code xD

Again, you should try and change as little as possible and stick to the conventions.

Re: Extended Basic 7

Posted: Sat Jan 19, 2013 10:37 am
by Pyrox6969
WOW, you guys think you got it bad. Here is a big hint for anyone like me:

USE ' ' as your quotes and NOT " "

Spent hours trying to get this thing, and that was the problem the whole time. Wow, time for a cig, I'm pissed.

Re: Extended Basic 7

Posted: Sun Jan 20, 2013 9:01 am
by fashizzlepop
Pyrox6969 wrote: WOW, you guys think you got it bad. Here is a big hint for anyone like me:

USE ' ' as your quotes and NOT " "

Spent hours trying to get this thing, and that was the problem the whole time. Wow, time for a cig, I'm pissed.

That's why for these missions if your solution isn't working, make sure you are using the conventions set forth in the rest of the mission.

Re: Extended Basic 7

Posted: Sun Nov 17, 2013 3:30 am
by voodooKobra
I think removing the action="" is probably the best practice for patching it, since browsers will automatically forward the user to the correct page. (This isn't an accepted solution, however.)

Re: Extended Basic 7

Posted: Thu Feb 27, 2014 1:23 pm
by CovertMagic
I too, am not old enough for this mission, I think!

HTML4 - action is "required" (though afaik browsers will default correctly):
http://www.w3.org/TR/html4/interact/forms.html#h-17.3

HTML5 - not required, features an example without it:
http://www.w3.org/html/wg/drafts/html/master/forms.html#attr-fs-action

and therefore I favour deleting spurious/vulnerable code over patching...

Re: Extended Basic 7

Posted: Thu Oct 09, 2014 4:13 pm
by kumaus
It seems this mission is getting a lot of bad press. Strange as it seems, I actually liked it; I learned more than in the previous ext missions combined. The vulnerability shown here was new to me, looks pretty realistic and was quite an eye-opener. It is of course easy to make a wrong assumption about what to fix and then tear your hair out in frustration (which I certainly did). Collecting some things to watch out for (mostly repeats of things spread out over the previous 7 pages):
  • There are many things one could do differently / better in this script. However, that is not the task here. Please remember that this mission is aimed at beginners like me, with the goals of illustrating a particular vulnerability and of showing a simple way of improving the situation
  • Read the intro carefully; the line to be fixed is a logical consequence of the task given (one easy bug and one vuln in a single line)
  • To solve this, you need to be very clear about the difference between what is written in the php script and what the browser shows to the user. If in doubt, try it out!
  • There are several different ways of fixing the line, only one of which is accepted as answer. Try to find an option which preserves the basic approach in the script and is minimally invasive (i.e. only changes those characters which actually enable this particular vulnerability)
  • Information about the vulnerability and remedy is easy to find on the net
  • In order to avoid grief, copy the line to be fixed into a text editor, and take care not to introduce extra spaces