Extbasic 7

Learn how to do code review


Post by vh04x on Tue May 13, 2008 9:52 pm

I know there's been a lot of confusion with ext 7, especially with the numerous changes to the code. Since so many people have asked for a push in the right direction, I shall give you a gentle tug. This is NOT A SPOILER (or at least I hope not), a guide, or a tutorial of any sort, but it may bring some light and allow you to take a different approach.

The mission in this case is not only to fix errors in the script, but also to secure a vulnerability in the script. In parsed languages such as PHP, when we speak of vulnerabilities, we usually deal with unsanitized user input. Now, where does the user have the opportunity to submit input?
vh04x
New User
Posts: 1
Joined: Sun Apr 27, 2008 12:10 pm


Re: Extbasic 7

Post by deadmoo on Sat May 31, 2008 11:30 am

This challenge is annoying. There are so many possible ways to filter/escape the input, how am I supposed to know which one is the "correct" answer?
deadmoo
New User
Posts: 5
Joined: Fri May 16, 2008 7:17 pm


Re: Extbasic 7

Post by eclipse_sphere on Sat May 31, 2008 12:09 pm

deadmoo wrote: This challenge is annoying. There are so many possible ways to filter/escape the input, how am I supposed to know which one is the "correct" answer?


Well, you can only change one line (you should be able to see which), and only one thing in that line is insecure; you're looking for the easiest way to fix it.
eclipse_sphere
New User
Posts: 1
Joined: Sun May 25, 2008 9:48 am


Re: Extbasic 7

Post by deadmoo on Sat May 31, 2008 8:59 pm

Maybe I am just completely off track. I understand all of that. My problem is that all the solutions I have come up with only modify one line. There are probably over 2 dozen applicable functions in the standard PHP distribution, and you can use many different combinations of those functions with each other on the same line (like the following code).

<?php
// possibility one (this is the simplest one, but which of the 2 dozen applicable functions do I use)
$var = func1($var);

// possibility two
$var = func1(func2($var));

//possibility three
$var = func1(func2(func3($var)));

//possibility four (technically one line)
$var = func2($var); $var = func1($var);
?>
deadmoo
New User
Posts: 5
Joined: Fri May 16, 2008 7:17 pm


Re: Extbasic 7

Post by McGregBB on Wed Jun 04, 2008 8:32 am

Am I right that the vulnerability lies in the form declaration where an xss exploit might be possible?
McGregBB
New User
Posts: 3
Joined: Wed Apr 16, 2008 3:22 pm


Re: Extbasic 7

Post by SuperScience on Fri Jun 06, 2008 12:23 am

McGregBB wrote:Am I right that the vulnerability lies in the form declaration where an xss exploit might be possible?
That's the only vulnerability that I can see too. I tried fixing it by replacing it with the static URL, but that didn't work, and REQUEST_URI is no better. Any hints would be appreciated.
SuperScience
New User
Posts: 4
Joined: Fri May 30, 2008 11:36 am


Re: Extbasic 7

Post by addik on Mon Jun 09, 2008 5:40 pm

The post/get mistake just gives a hint of what line has a mistake...

http://blog.phpdoc.info/archives/13-XSS-Woes.html will give you a hint, one thing I will say, make sure you try every variant of x function even if the differences are subtle.
addik
New User
Posts: 1
Joined: Mon Jun 09, 2008 5:37 pm


Re: Extbasic 7

Post by I-MrKnox-I on Sun Jun 15, 2008 6:14 am

This challenge is just guessing... Hoped we were done with that in the logics, but apparently not.

I really think HTS should consider changing their way of validating answers to contain several correct answers on challenges like this!
I-MrKnox-I
New User
Posts: 20
Joined: Fri Apr 18, 2008 2:45 pm


Re: Extbasic 7

Post by I-MrKnox-I on Tue Jun 17, 2008 2:56 am

Okay... I got it!
God, this was lame, but anyways...

I hope it is not too much of a spoiler - if so, feel free to edit!

Possible spoiler:

There are many ways to sanitize PHP_SELF (assuming you all know this is the vuln) as you might know by now. However, most of the ways will sanitize a lot of "innocent" chars too. We do not want this to happen. Luckily there is an alternative which is very alike, but only sanitizes the most "dangerous" chars like '<', '>' and quotes. This is what we are looking for.
I-MrKnox-I
New User
Posts: 20
Joined: Fri Apr 18, 2008 2:45 pm
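The fix the thread is circling, as an added example written for this thread (not the challenge's own script and not any poster's code): vh04x's opening post frames the problem as unsanitized user input reaching the page, and I-MrKnox-I's post narrows it to PHP_SELF and a function that encodes only the HTML-significant characters. The script name, the request paths and the helper function names below are constructed for the demonstration; only htmlspecialchars() and htmlentities() are real PHP functions.

```php
<?php
// Added example for this thread, not the Extbasic 7 script itself or any poster's code.
// It puts the unescaped form-action pattern beside the fix: encode PHP_SELF
// before it is written into HTML. Paths and function names are constructed.

// Unsafe: PHP_SELF reflects the request path, so a '"' or '<' in the path
// is written straight into the attribute and can terminate it early.
function form_action_unsafe(string $phpSelf): string
{
    return '<form method="post" action="' . $phpSelf . '">';
}

// Fixed: htmlspecialchars() encodes only &, <, >, " and (with ENT_QUOTES) ',
// which is what the thread means by touching the "dangerous" characters only.
function form_action_safe(string $phpSelf): string
{
    $escaped = htmlspecialchars($phpSelf, ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $escaped . '">';
}

// Constructed request path carrying attribute-breaking characters
// (a plain <b> tag is enough to show the attribute being closed early).
$hostilePath = '/extbasic7.php/"><b>x</b>';

echo "unsafe: ", form_action_unsafe($hostilePath), PHP_EOL;
echo "fixed:  ", form_action_safe($hostilePath), PHP_EOL;

// Why not htmlentities()? It also rewrites harmless non-ASCII characters,
// which is the over-sanitising the thread warns against. A constructed path
// with an accented letter shows the difference.
$innocentPath = "/caf\u{e9}.php";   // "/café.php"; the \u{...} escape needs PHP 7.0+

echo "htmlspecialchars keeps it: ",
     htmlspecialchars($innocentPath, ENT_QUOTES, 'UTF-8'), PHP_EOL;
echo "htmlentities rewrites it:  ",
     htmlentities($innocentPath, ENT_QUOTES, 'UTF-8'), PHP_EOL;
```

Run it with `php` on the command line. In the fixed form action, `"` becomes `&quot;` and `<` becomes `&lt;`, so the attribute ends where the author closed it and the browser never sees a second tag; htmlspecialchars() leaves the accented path untouched, while htmlentities() turns the é into `&eacute;`. Passing ENT_QUOTES and the charset explicitly matters: older PHP defaults leave the single quote unencoded, which is not enough if the attribute is ever single-quoted. The escaping belongs at the point where the value is written into HTML, whichever superglobal supplied it.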


Re: Extbasic 7

Post by Mindzai on Wed Jun 18, 2008 3:24 pm

I-MrKnox-I wrote:Okay... I got it!
God, this was lame, but anyways...

I hope it is not too much of a spoiler - if so, feel free to edit!

Possible spoiler:

There are many ways to sanitize PHP_SELF (assuming you all know this is the vuln) as you might know by now. However, most of the ways will sanitize a lot of "innocent" chars too. We do not want this to happen. Luckily there is an alternative which is very alike, but only sanitizes the most "dangerous" chars like '<', '>' and quotes. This is what we are looking for.


Thanks for that. With so many answers to this, the validation code really should check for all possible answers (and convert the case of the input for comparisons too!)
Mindzai
New User
Posts: 7
Joined: Tue Jun 17, 2008 4:06 pm

