Pagina 1 din 1

Register vulnerabil la XSS

Scris: Lun Dec 19, 2011
de LCristian
Fara vreun motiv anume am incercat la propriul register sa introduc in loc de USERNAME

Cod: Selectaţi tot

<script>alert("Without Reason")</script>
si asa am descoperit ca scriptul de inregistrare este foarte vulnerabil la un atac XSS...
Ce as putea face sa previn un astfel de atac...

Asta e config.php de la scriptul meu...

Cod: Selectaţi tot

<?php

define("DBHost", "localhost");
define("DBName", "codatabase");
define("DBUser", "root");
define("DBPass", "parola");

class Database
{
	protected $connection;
	protected $database;

	public function __construct()
	{
		echo $settings['DBUser'];
		$this->connection = @mysql_connect(DBHost, DBUser, DBPass);
		$this->database = @mysql_select_db(DBName);
	}
	function ProcRegister($Username, $Password, $Password2, $email)
	{
		if($Username != "" && $Password != "" && $Password2 != "" && $email != "")
		{
			if(strlen($Username) > 5 && strlen($Username) < 15)
			{
				if(eregi("^([0-9a-z])+$", $Username))
				{
					if(!$this->UsernameExists($Username))
					{
						if($Password == $Password2)
						{
							if(strlen($Password) > 6 && strlen($Password) < 20)
							{
								$regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"."\.([a-z]{2,}){1}$";
								if(eregi($regex, $email))
								{
									$this->completeRegister($Username, $Password, $email);
								} else {
									echo '<font size="3" color="#e82d40"><div style="padding:0px;line-height:19px;"><center>[ERROR] Please enter your E-mail address!</div></center></font></font>';
								}
							} else {
								echo '<font size="3" color="#e82d40"><div style="padding:0px;line-height:19px;"><center>[ERROR] Password should be 6-20 characters!</div></center></font></font>';
							}
						} else {
							echo '<font size="3" color="#e82d40"><div style="padding:0px;line-height:19px;"><center>[ERROR] Confirm Password should be 6-20 characters!</div></center></font></font>';
						}
					} else {
						echo '<font size="3" color="#e82d40"><div style="padding:0px;line-height:19px;"><center>[ERROR] This account ID has been taken. Please a different username!</div></center></font></font>';
					}
				} else {
					echo '<font size="3" color="#e82d40"><div style="padding:0px;line-height:19px;"><center>[ERROR] Account ID should have only letters or/and numbers!</div></center></font></font>';
				}
			} else {
				echo '<font size="3" color="#e82d40"><div style="padding:0px;line-height:19px;"><center>[ERROR] Account ID should be 5-15 characters!</div></center></font></font>';
			}
		} else {
			echo '<font size="3" color="#e82d40"> <div style="padding:0px;line-height:19px;"><center>[ERROR] Type in all of the Required informations</div></center></font></font>';
		}
	}
	private function completeRegister($Username, $Password, $email)
	{
		$ip = $_SERVER['REMOTE_ADDR'];
		$sql = "INSERT INTO `accounts` (`Username`, `Password`, `Email`, `State`) VALUES ('$Username', '$Password', '$email', '0')";
		if($sql = mysql_query($sql, $this->connection))
		
		{
			echo '<font color="#FDD017"><font size="3" face="Arial"><center>[SUCCESS] Account was created successfully. Validate your account in 3 seconds. <meta HTTP-EQUIV="REFRESH" content="3; url=validate.php">   
</center>
			</font></font>';
		} else {
			echo '<font size="3" color="#e82d40"><div style="padding:0px;line-height:19px;"><center>[ERROR] Unknown Error processing your requests. We are Sorry!</div></center></font></font>';
		}
	}
	private function UsernameExists($Username)
	{
		$sql = "SELECT * FROM `accounts` WHERE `Username` = '$Username'";
		$sql = @mysql_query($sql, $this->connection);
		$sql = @mysql_num_rows($sql);
		if($sql > 0)
		{
			return true;
		} else {
			return false;
		}
	}
}
$db = new Database();
?>
Si register.php

Cod: Selectaţi tot

<?php
session_start();
@require_once("config.php");

if(!isset($_SESSION['user']))
{ $_SESSION['user'] = ""; }
if(!isset($_SESSION['email']))
{ $_SESSION['email'] = ""; }
if(isset($_POST['submit']))
{
	$_SESSION['user'] = $_POST['user'];
	$_SESSION['email'] = $_POST['email'];

	$db->ProcRegister($_POST['user'], $_POST['pass'], $_POST['pass2'], $_POST['email']);
}
echo '<br/>
<script type="text/javascript" src="rc.js"></script>
<form method="post" action="">

<body style="overflow:hidden;">
<div class="fbar">
  <div class="ftitle">CREATE YOUR NEW ACCOUNT</div>
  <div class="clear"></div>
</div>
<div id="fbody" class="fbody">
  <div style="">
    <div class="fdesc">You must use a valid email address and write down your security code, otherwise you wont be able to:<br/>* Change or retrieve any information about your account<br/>* Get help from our GMs about your account</div>
    <form name="registro" id="registro">
    <div class="flabel" style="">
      <div class="fitem" style=""><label for="rusername">USERNAME</label></div>
      <div id="husername" class="fwhat">?</div>
      
      <div class="finput" style=""><input class="ffield" type="text" value="" placeholder="username (5-15 characters)" id="rusername" name="user" value="'.$_SESSION['user'].'" /></div>
      <div id="errorusername" style="float: left; width: 100%;"></div>
      <div class="clear"></div>
    </div>
    <div class="flabel">
      <div class="fitem"><label for="rpassword1">PASSWORD</label></div>
      <div id="hpassword1" class="fwhat">?</div>
      
      <div class="finput"><input class="ffield" type="password" value="" placeholder="password (6-20 characters)" name="pass" value="" /></div>
      <div id="errorpassword" style="float: left; width: 100%;"></div>
      <div class="clear"></div>
    </div>
    <div class="flabel">
      <div class="fitem"><label for="rpassword2">CONFIRM PASSWORD</label></div>
      <div id="hpassword2" class="fwhat">?</div>
      
      <div class="finput"><input class="ffield" type="password" value="" placeholder="repeat password" name="pass2" value="" /></div>
      <div class="clear"></div>
    </div>
    <div class="flabel">
      <div class="fitem"><label for="remail">EMAIL </label></div>
      <div id="hemail" class="fwhat">?</div>
      
      <div class="finput"><input class="ffield" type="text" placeholder="email must be valid" required name="email" value="'.$_SESSION['email'].'" /></div>
      <div id="erroremail" style="float: left; width: 100%;"></div>
      <div class="clear"></div>
    </div>
    
    <div class="flabel" style="text-align: right;"> <button name="submit" id="Submit" type="submit" class="button">  
    Submit Registration
    </button></div>

    <div style="height: 5px;"></div>
    </form>
  </div>
</div>
<div id="errors" name="errors" class="errors"></div>
</body>
';?>

Register vulnerabil la XSS

Scris: Mar Dec 20, 2011
de claUdiu
Eu unul nu inteleg nimic cand vine vorba de clase, dar, pune asa:

Cod: Selectaţi tot

$ceva = mysql_real_escape_string($_POST['ceva']);
Pune linia de sus la toate datele care vin prin POST sau GET

Register vulnerabil la XSS

Scris: Mar Dec 20, 2011
de MarPlo
Ca sa elimini in script tag-urile care pot fi adaugate /trimise prin GET sau POST, poti folosi urmatorul cod in scriptul PHP.

Cod: Selectaţi tot

if(isset($_GET)) $_GET = array_map("strip_tags", $_GET);
if(isset($_POST)) $_POST = array_map("strip_tags", $_POST);