Extended Basic 7

Learn how to do code review


Post by comperr on Thu Apr 24, 2008 8:20 pm

As some of you may have noticed, extbasic 7 has changed a few times.
Here is the final version of the CODE:
Code:
<?php
if (!empty($_POST['data']))
{
   $data = mysql_real_escape_string($_POST['data']);
   mysql_query("INSERT INTO tbl_data (data) VALUES '$data'");
}

?>
<form name="grezvahfvfnjuvavatovgpu" action="<?=$_SERVER['PHP_SELF']?>" method="get">
   <input type="textbox" name="data" />
   <input type="submit" />
</form>
comperr
Poster
Posts: 373
Joined: Mon Apr 07, 2008 6:52 pm
Location: /dev/null


Re: Extended Basic 7

Post by TheMindRapist on Thu Apr 24, 2008 8:25 pm

Hmm, I think that's how it was when I did it.
TheMindRapist
Contributor
Posts: 585
Joined: Mon Apr 14, 2008 4:57 pm


Re: Extended Basic 7

Post by Nyteblade on Fri Apr 25, 2008 8:21 am

Nice... I was beginning to think I was going nuts ;) LOL
(is it GET?... I thought it was POST... wait, or was it GET? Maybe it was... was it? I don't know now. My head hurts. "Our precious. We's must take the precious from those stupid hobbitses") LMAO :D
Nyteblade
New User
Posts: 39
Joined: Mon Apr 14, 2008 10:56 am


Re: Extended Basic 7

Post by satanswrath on Sun Jun 08, 2008 10:24 am

Isn't it method="post"> instead of ="get">?
I tried changing it but it's still not right.. Tried XSS but it didn't work.
Any hints?
satanswrath
New User
Posts: 13
Joined: Sun Apr 27, 2008 11:00 am


Re: Extended Basic 7

Post by nermd on Wed Jun 11, 2008 1:52 pm

I really don't get this. I mean, I tried every function I know that is suitable to prevent the XSS, with ; and without ; at the end; I even tried different styles of coding (blanks between the tags and the PHP code, or between the function name and () ...), and I also tried every combination of method="post" and method="get".
Please, change your validation code, that's just boring ... :(
With this world there is no understanding, we belong there only to the extent that we rebel against it (Theodor W. Adorno) --> if somebody knows an "official" translation for the well-known German quote ... please let me know!
nermd
New User
Posts: 42
Joined: Fri May 23, 2008 3:22 am


Re: Extended Basic 7

Post by I-MrKnox-I on Sun Jun 15, 2008 6:27 am

/agree nermd
I-MrKnox-I
New User
Posts: 20
Joined: Fri Apr 18, 2008 2:45 pm


Re: Extended Basic 7

Post by comperr on Mon Jun 16, 2008 8:57 pm

Look for a BUG and a VULN. There are TWO problems!
comperr
Poster
Posts: 373
Joined: Mon Apr 07, 2008 6:52 pm
Location: /dev/null


Re: Extended Basic 7

Post by Mindzai on Wed Jun 18, 2008 3:17 pm

comperr wrote: Look for a BUG and a VULN. There are TWO problems!

Part of the problem I think is that the vuln can be fixed in a variety of ways (using $_SERVER['SCRIPT_FILENAME'], #, basename(__FILE__) to name but 3). The bug is easy enough to fix but valid fixes for the XSS vuln are not accepted.
Mindzai
New User
Posts: 7
Joined: Tue Jun 17, 2008 4:06 pm


Re: Extended Basic 7

Post by pitagora on Thu Jun 19, 2008 4:01 am

edit:spoiler
pitagora
New User
Posts: 8
Joined: Tue Jun 17, 2008 10:41 am


Re: Extended Basic 7

Post by sharpskater69 on Tue Jun 24, 2008 5:48 pm

I-MrKnox-I, in another thread, wrote: Possible spoiler:

There are many ways to sanitize [Removed] (assuming you all know this is the vuln), as you might know by now. However, most of the ways will sanitize a lot of "innocent" chars too. We do not want this to happen. Luckily there is an alternative which is very alike, but only sanitizes the most "dangerous" chars like '<', '>' and quotes. This is what we are looking for.

That should give an idea, now look up string functions.
Last edited by TheMindRapist on Thu Aug 14, 2008 8:15 pm, edited 1 time in total.
Reason: Spoiler
sharpskater69
 
Posts: 34
Joined: Tue Apr 22, 2008 4:10 pm
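A hardened version of the challenge page, as an added example (not comperr's code and not the challenge's accepted answer), applying the two fixes the thread points at: the form method matching the $_POST handler, and encoding or dropping the reflected $_SERVER['PHP_SELF'] value. The mysqli connection values are placeholders, and the query is additionally parameterised, which is an assumption beyond what the challenge asks for.

```php
<?php
// Added example: the challenge page with the BUG and the VULN addressed.
// Connection values are placeholders, not the challenge's real configuration.
$db = new mysqli('localhost', 'DB_USER', 'DB_PASS', 'DB_NAME');

if (!empty($_POST['data'])) {
    // Prepared statement instead of string interpolation (also avoids the
    // missing parentheses around VALUES in the original query).
    $data = $_POST['data'];
    $stmt = $db->prepare('INSERT INTO tbl_data (data) VALUES (?)');
    $stmt->bind_param('s', $data);
    $stmt->execute();
}

// VULN fix: $_SERVER['PHP_SELF'] reflects the request path as the client sent
// it, so it must never be echoed raw into the attribute. htmlspecialchars with
// ENT_QUOTES encodes only '<', '>', '&' and both quote characters, which is
// the "only the dangerous chars" function the thread hints at.
$action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
// Equally valid alternatives named in the thread: avoid the reflected value.
// $action = basename(__FILE__);   // or $action = '';  or $action = '#';
?>
<!-- BUG fix: the handler reads $_POST, so the form must use method="post" -->
<form action="<?= $action ?>" method="post">
   <input type="text" name="data" />
   <input type="submit" />
</form>
```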

