Register vulnerabil la XSS
Scris: Lun Dec 19, 2011
Fara vreun motiv anume am incercat la propriul register sa introduc in loc de USERNAME si asa am descoperit ca scriptul de inregistrare este foarte vulnerabil la un atac XSS...
Ce as putea face sa previn un astfel de atac...
Asta e config.php de la scriptul meu...
Si register.php
Cod: Selectaţi tot
<script>alert("Without Reason")</script>
Ce as putea face sa previn un astfel de atac...
Asta e config.php de la scriptul meu...
Cod: Selectaţi tot
<?php
define("DBHost", "localhost");
define("DBName", "codatabase");
define("DBUser", "root");
define("DBPass", "parola");
class Database
{
protected $connection;
protected $database;
public function __construct()
{
echo $settings['DBUser'];
$this->connection = @mysql_connect(DBHost, DBUser, DBPass);
$this->database = @mysql_select_db(DBName);
}
function ProcRegister($Username, $Password, $Password2, $email)
{
if($Username != "" && $Password != "" && $Password2 != "" && $email != "")
{
if(strlen($Username) > 5 && strlen($Username) < 15)
{
if(eregi("^([0-9a-z])+$", $Username))
{
if(!$this->UsernameExists($Username))
{
if($Password == $Password2)
{
if(strlen($Password) > 6 && strlen($Password) < 20)
{
$regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"."\.([a-z]{2,}){1}$";
if(eregi($regex, $email))
{
$this->completeRegister($Username, $Password, $email);
} else {
echo '<font size="3" color="#e82d40"><div style="padding:0px;line-height:19px;"><center>[ERROR] Please enter your E-mail address!</div></center></font></font>';
}
} else {
echo '<font size="3" color="#e82d40"><div style="padding:0px;line-height:19px;"><center>[ERROR] Password should be 6-20 characters!</div></center></font></font>';
}
} else {
echo '<font size="3" color="#e82d40"><div style="padding:0px;line-height:19px;"><center>[ERROR] Confirm Password should be 6-20 characters!</div></center></font></font>';
}
} else {
echo '<font size="3" color="#e82d40"><div style="padding:0px;line-height:19px;"><center>[ERROR] This account ID has been taken. Please a different username!</div></center></font></font>';
}
} else {
echo '<font size="3" color="#e82d40"><div style="padding:0px;line-height:19px;"><center>[ERROR] Account ID should have only letters or/and numbers!</div></center></font></font>';
}
} else {
echo '<font size="3" color="#e82d40"><div style="padding:0px;line-height:19px;"><center>[ERROR] Account ID should be 5-15 characters!</div></center></font></font>';
}
} else {
echo '<font size="3" color="#e82d40"> <div style="padding:0px;line-height:19px;"><center>[ERROR] Type in all of the Required informations</div></center></font></font>';
}
}
private function completeRegister($Username, $Password, $email)
{
$ip = $_SERVER['REMOTE_ADDR'];
$sql = "INSERT INTO `accounts` (`Username`, `Password`, `Email`, `State`) VALUES ('$Username', '$Password', '$email', '0')";
if($sql = mysql_query($sql, $this->connection))
{
echo '<font color="#FDD017"><font size="3" face="Arial"><center>[SUCCESS] Account was created successfully. Validate your account in 3 seconds. <meta HTTP-EQUIV="REFRESH" content="3; url=validate.php">
</center>
</font></font>';
} else {
echo '<font size="3" color="#e82d40"><div style="padding:0px;line-height:19px;"><center>[ERROR] Unknown Error processing your requests. We are Sorry!</div></center></font></font>';
}
}
private function UsernameExists($Username)
{
$sql = "SELECT * FROM `accounts` WHERE `Username` = '$Username'";
$sql = @mysql_query($sql, $this->connection);
$sql = @mysql_num_rows($sql);
if($sql > 0)
{
return true;
} else {
return false;
}
}
}
$db = new Database();
?>
Cod: Selectaţi tot
<?php
session_start();
@require_once("config.php");
if(!isset($_SESSION['user']))
{ $_SESSION['user'] = ""; }
if(!isset($_SESSION['email']))
{ $_SESSION['email'] = ""; }
if(isset($_POST['submit']))
{
$_SESSION['user'] = $_POST['user'];
$_SESSION['email'] = $_POST['email'];
$db->ProcRegister($_POST['user'], $_POST['pass'], $_POST['pass2'], $_POST['email']);
}
echo '<br/>
<script type="text/javascript" src="rc.js"></script>
<form method="post" action="">
<body style="overflow:hidden;">
<div class="fbar">
<div class="ftitle">CREATE YOUR NEW ACCOUNT</div>
<div class="clear"></div>
</div>
<div id="fbody" class="fbody">
<div style="">
<div class="fdesc">You must use a valid email address and write down your security code, otherwise you wont be able to:<br/>* Change or retrieve any information about your account<br/>* Get help from our GMs about your account</div>
<form name="registro" id="registro">
<div class="flabel" style="">
<div class="fitem" style=""><label for="rusername">USERNAME</label></div>
<div id="husername" class="fwhat">?</div>
<div class="finput" style=""><input class="ffield" type="text" value="" placeholder="username (5-15 characters)" id="rusername" name="user" value="'.$_SESSION['user'].'" /></div>
<div id="errorusername" style="float: left; width: 100%;"></div>
<div class="clear"></div>
</div>
<div class="flabel">
<div class="fitem"><label for="rpassword1">PASSWORD</label></div>
<div id="hpassword1" class="fwhat">?</div>
<div class="finput"><input class="ffield" type="password" value="" placeholder="password (6-20 characters)" name="pass" value="" /></div>
<div id="errorpassword" style="float: left; width: 100%;"></div>
<div class="clear"></div>
</div>
<div class="flabel">
<div class="fitem"><label for="rpassword2">CONFIRM PASSWORD</label></div>
<div id="hpassword2" class="fwhat">?</div>
<div class="finput"><input class="ffield" type="password" value="" placeholder="repeat password" name="pass2" value="" /></div>
<div class="clear"></div>
</div>
<div class="flabel">
<div class="fitem"><label for="remail">EMAIL </label></div>
<div id="hemail" class="fwhat">?</div>
<div class="finput"><input class="ffield" type="text" placeholder="email must be valid" required name="email" value="'.$_SESSION['email'].'" /></div>
<div id="erroremail" style="float: left; width: 100%;"></div>
<div class="clear"></div>
</div>
<div class="flabel" style="text-align: right;"> <button name="submit" id="Submit" type="submit" class="button">
Submit Registration
</button></div>
<div style="height: 5px;"></div>
</form>
</div>
</div>
<div id="errors" name="errors" class="errors"></div>
</body>
';?>