Extended Basic 7

Learn how to do code review

Re: Extended Basic 7

Post by gombos84 on Thu Aug 26, 2010 4:16 am

Hello there!

I'm really in need of some help. I'm confused. I'm pretty sure I know how to fix the vuln. and the bug, but I always get a refresh.
So here is my opinion: the vuln is a well known XSS which can be fixed with h**lent****s () and there is a bug with the method, but it ain't working. Can someone pls PM a hint or something?

Edit: sry if it is a spoiler, in this case please delete it.
Edit #2: Never mind, I have done it...


Re: Extended Basic 7

Post by Avery17 on Thu Sep 23, 2010 10:39 pm

Fucking shit... finally got it after like 30 guesses....

HTS Admins, please fix this MAJOR problem with Ext Basic 7. It's about learning how to sanitize a script, and there is more than one way to do it. At least include more than just one possibility.


Re: Extended Basic 7

Post by fashizzlepop on Fri Sep 24, 2010 12:06 am

Well, it probably forced you to look up some different methods of doing this. So you probably learned more this way than if it was super easy.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.


Re: Extended Basic 7

Post by atzame on Sat Sep 25, 2010 2:46 am

Lol. The form name was pretty funny. Don't know the guy but whoever made this level made their feelings pretty clear. Still trying to figure this one out. I'm still new to most of this and learning bits and pieces as I go but I know what the bug is and pretty sure I know what the vulnerability is but not sure about the correct syntax for the fix. The only fix to the vulnerability I think would have to go in the php to prevent anyone else from just altering the html and then submitting. However it looks like the bug is in the html so I'm not sure if we're supposed to check from where the start of the vulnerability is to the bug or if I'm just not understanding what I need to do. I've seen in several of the earlier posts that we only need to check one line.

Edit: Never mind, got it. It's what I thought it was at first but I didn't apply the function to the whole variable. Just the inner part of it. My question is: How is this really a fix when someone who knows what they're doing can just take out the fix and then submit? Like I said, I'm still a noob at this but wouldn't it be better to do the fix in the php?


Re: Extended Basic 7

Post by fashizzlepop on Sun Sep 26, 2010 2:14 am

When you put in the fix it IS in PHP. That's what sanitizes it. You obviously don't understand HOW you solved this.


Re: Extended Basic 7

Post by atzame on Sun Sep 26, 2010 10:32 pm

I'm pretty sure the fix was in the html and wasn't in a separate php script. I might be new at this but I think I can recognize the difference between the two. The way the fix went, you're sanitizing the input going to the php from the html. It's not that hard to change the coding for a one time submit. The syntax for the sanitize might be php, but the coding for it is still going in the html. I was wondering if it would be more secure to sanitize the string from within a server side php script rather than in the html.


Re: Extended Basic 7

Post by fashizzlepop on Sun Sep 26, 2010 11:02 pm

1st: HTML cannot sanitize input, it only hands it to PHP.
2nd: You DON'T know the difference enough yet as you have not noticed that it IS PHP and not HTML.
3rd: Read up more on how you completed this mission.


Re: Extended Basic 7

Post by atzame on Sun Sep 26, 2010 11:31 pm

I realize it is a php command. The question that I'm asking is if it's possible to sanitize it in the .php file where it's less likely that the attacker will see it instead of including it with the form on the web page. The way I'm reading the script, the upper half of the script can be placed either in the html document or in a separate .php file on the server while the bottom half is included in the html. Can it be sanitized using that command in the .php file rather than including it on the page? I know why the command is being used, I'm just asking if there would be a better place to put it where the attacker would have a harder time changing it or knowing how he needs to modify his code to get through.


Re: Extended Basic 7

Post by fashizzlepop on Mon Sep 27, 2010 8:27 pm

You should try to copy and paste the exact code into your web server then access it. You will answer your own question. Like I said, you obviously DON'T KNOW ENOUGH about PHP yet.
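Added example (not part of the thread and not the mission's source): a single .php file of the kind discussed above, with a PHP block at the top and an HTML form below it. The file name `demo.php`, the `comment` field and the choice of `htmlspecialchars` as the encoder are assumptions.

```php
<?php
// Constructed example, not the mission's code. Save as demo.php.
// The field name "comment" is an assumption made for this example.

// Everything inside the PHP tags executes on the server. The browser
// receives only what this code prints, never the code itself.
$raw = isset($_POST['comment']) ? (string) $_POST['comment'] : '';

// Encode the WHOLE value once, at the point where it is written into HTML.
// ENT_QUOTES also encodes single quotes, which matters because the value
// is echoed inside a quoted attribute further down.
$safe = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
?>
<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <title>Encoding demo</title>
</head>
<body>
  <!-- From here on the file is plain HTML. The form can only hand the
       field to PHP; it has no way to sanitize anything itself. -->
  <form method="post" action="">
    <input type="text" name="comment" value="<?php echo $safe; ?>">
    <input type="submit" value="Send">
  </form>

  <!-- The same encoded value is safe to print as element content. -->
  <p>You wrote: <?php echo $safe; ?></p>
</body>
</html>
```

Serve the directory with `php -S 127.0.0.1:8000`, submit some markup, and view the page source in the browser: the form and the encoded value are there, but the PHP block is not. A visitor can rewrite the form before submitting, yet the encoding still runs on the server for every request.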


Re: Extended Basic 7

Post by atzame on Mon Sep 27, 2010 9:27 pm

I'll agree with you that I don't know enough about php, I never dealt with it until joining this site about a week ago. I've used computers most of my life but haven't gotten into scripting until recently so I'm learning it as I go. My question wasn't what language was being used but more where the code was saved and if the user could access it. You're right that I probably don't know enough about php and that's why I was asking. From what I've seen users cannot access and see the php files. I plan on learning more about it and several other languages along with how they interact. Prior to this the only real programming experience I'd had was a couple of True Basic classes about 11 years ago and I've forgotten most of it lol. Right now I'm just starting a Visual Basic class and am also learning javascript on my own. Besides the TB classes, VB class and an intro to site development class I just finished I have no other formal education in scripting. I've been interested in it but other things took precedence. Anyway I might give your idea a try and see exactly what it does. I'm also trying to write my own scripts as opposed to copying and pasting but sometimes it's good to learn by example as well.

