Blind SQL injection

This carries on from the SQL injection article. The previous example was slightly contrived, since I was using information I already knew about the database and the query results were appearing in the page. I was just trying to introduce the concepts. Here I'm introducing automated blind SQL injection. Source code for this article is available in a zip file.
(more…)


Preventing Cross Site Scripting (XSS) In Your Code

Cross-Site Scripting (XSS) is a vulnerability where an attacker can put their own code on your site. JavaScript is most often used, so I'll use it in my examples here.

Here’s a code example:
(more…)


Analysing web server logs for WordPress

I've found the WordPress stats plugins a bit annoying at times, so I wrote my own web server log analyser. It runs on the command line. Most web stats plugins seem to rely on JavaScript in the pages delivered; since users might have JavaScript turned off, this can miss their page requests. However, if you have access to the web server logs, you have an amazing source of information.

(more…)


Preventing Email injection in a webapp form

Suppose I have a feedback form on a webpage. Something like:


<form method="post" action="testmail.php">
Email: <input name="email" type="text" value="" />
<br />
Feedback: <textarea name="feedback"></textarea>
</form>

And suppose I deal with it in PHP a bit like this:


$from = '' . $_POST["email"];
$feedback = '' . $_POST["feedback"];
$rtn = mail('james@rootdev.com', "Feedback from website", $feedback, "From: " . $from);

What could possibly go wrong?

Quite a lot.
(more…)
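The handler above passes the user-supplied address straight into mail()'s additional-headers argument. As an added example (not code from the original post), here is the same handler rewritten so the From header can only be built from a validated address; validFromAddress() and sendFeedback() are hypothetical names, and the inputs at the bottom are constructed.

```php
<?php
// Added example: hardened version of the feedback handler.
// Returns the validated address, or null if it must not be used in a header.
function validFromAddress(string $raw): ?string {
    $email = trim($raw);
    // A CR or LF in the value would start a new header line in the message.
    if (preg_match('/[\r\n]/', $email)) {
        return null;
    }
    // filter_var also rejects spaces and other characters that break the header.
    $ok = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $ok === false ? null : $ok;
}

// Sends the message only when the address is safe to place in a header.
function sendFeedback(array $post): bool {
    $from = validFromAddress($post['email'] ?? '');
    if ($from === null) {
        return false; // refuse to send; report an invalid address to the user
    }
    // The body cannot inject headers, but drop stray control characters anyway.
    $feedback = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '',
                             $post['feedback'] ?? '');
    $headers = "From: " . $from . "\r\nReply-To: " . $from;
    return mail('james@rootdev.com', 'Feedback from website', $feedback, $headers);
}

// Constructed inputs: a clean address, and one carrying an extra header line.
var_dump(validFromAddress('alice@example.com'));
var_dump(validFromAddress("alice@example.com\r\nBcc: someone@example.net"));
```

The second call returns null, so the message is never handed to mail() with attacker-controlled headers.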


Demonstrating the need for HTML and SQL encoding by building an insecure blog and hacking it

I'm going to create the worst blogging software in the world: a single web page displaying a list of comments, where users can post new comments or search for comments. The data will be stored in a MySQL database. The site is going to have horrendous security flaws (on purpose). Then I'm going to hack its innermost secrets just through the web page. Then I'll show you how to make it secure.

(more…)
