As a website security consultant, I see Cross Site Scripting (XSS) vulnerabilities just as often as the always popular SQL Injection attack.
Cross Site Scripting seems to have originally meant placing some malicious code on a victim site that would pull script (usually JavaScript, but sometimes VBScript) from another, attacker-controlled domain. Each client that visited the victim site would end up unknowingly having third-party malicious script code executed in his own browser. Now it has become a term used to describe any type of malicious scripting attack.
The first example is a simple one. Many sites allow user comments. A user could quite easily enter:
This is my comment!<script type="text/javascript">
alert("script!");
</script>
Any user that hits this affected page will now see a popup box with the text "script!". The user could also just as easily have entered a script source of http://www.nastydomain.com/nastyscript.js, which will be downloaded and executed in every visitor's browser.
The second option is to place some JavaScript code that steals the user's cookies for that particular site and then posts them to a third-party site. His cookies may contain a login and password, or more likely a login hash. The attacker can then use these cookies to hijack the user's session and access potentially sensitive areas of the site under that user's account, as that hijacked user.
Fortunately the solution is simple. Either use htmlentities() to "escape" HTML special characters, i.e. converting <'s to &lt; etc., so the browser displays them as text rather than parsing them; or use strip_tags() to remove all HTML tags from the input.
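As an added illustration (not code from the original post), the comment-display pattern above in PHP: the raw echo that lets the <script> payload run, next to the two fixes the text names, htmlentities() and strip_tags(). The $comment value is a constructed sample reusing the payload from the example.

```php
<?php
// Constructed sample comment: the same payload as in the example above.
$comment = 'This is my comment!<script type="text/javascript">alert("script!");</script>';

// Vulnerable: the comment is written into the page untouched, so the
// browser parses the <script> element and executes it.
function render_vulnerable(string $comment): string
{
    return '<p>' . $comment . '</p>';
}

// Fix 1: escape. htmlentities() turns <, >, &, " and ' into their entities,
// so the browser shows the tags as literal text instead of parsing them.
// ENT_QUOTES covers both quote styles (needed if the value is ever placed
// inside an attribute) and the charset must match the page's encoding.
function render_escaped(string $comment): string
{
    return '<p>' . htmlentities($comment, ENT_QUOTES, 'UTF-8') . '</p>';
}

// Fix 2: strip. strip_tags() removes the tags entirely, but it does not
// escape what is left, so the remaining text is still escaped on output.
function render_stripped(string $comment): string
{
    return '<p>' . htmlentities(strip_tags($comment), ENT_QUOTES, 'UTF-8') . '</p>';
}

echo render_vulnerable($comment), PHP_EOL; // tags reach the browser intact
echo render_escaped($comment), PHP_EOL;    // tags rendered as visible text
echo render_stripped($comment), PHP_EOL;   // tags removed, rest escaped
```

Run with `php example.php` and compare the three lines: only the first contains a parseable <script> element.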
Tags: cross site scripting, html, htmlentities, javascript, PHP, strip_tags, website security consultant, xss
Websites get hacked every day, customers' details are taken, and it's usually REALLY EASY to do. As a security consultant, I often get a call after a Google search turns up my details as the guy to contact when this happens.
Shameless plug: why not contact me BEFORE this happens for a FREE basic web scan.
Shameless plug over; why not consider some of the things that can be done to help prevent a website breach.
Tags: Apache, backups, code, cookie, cross site scripting, htaccess, LAMP, logs, mod_security, MySQL, PHP, php security, rate limit, restrict limit, Security Consultant, session, sniffing, sql injection, website security scan, xss
As a PHP programmer, there are a couple of things you can do quickly and easily to increase the security of your PHP installation.
Look into PHP's "safe mode" feature, ESPECIALLY if you're running a webserver that the general public can upload scripts to. Here you'll find a list of the functions disabled or restricted by safe mode. It is not strictly PHP's job to restrict these types of functions; however, unless you really know what you're doing, the list of functions restricted by safe mode is a good starting point for building secure applications. These are generally functions that allow file and directory manipulation, and socket manipulation. If it's not possible within your environment to disable them all, disable as many of these functions as possible.
Although it is not that common, if I'm writing an application that relies heavily on functions that manipulate directories or sockets, I prefer to create a C daemon or similar to handle that side of things and simply use PHP to communicate with it.
Tags: cross site scripting, directory, error reporting, magic quotes, MySQL, mysql_real_escape_string, PHP, php security, safe mode, socket, sql injection, xss
There are a number of PHP errors, and in fact programming errors in general, that PHP programmers and security consultants need to be aware of. Specifically: how can a malicious user use the code to gain access beyond what he is supposed to have?
Cross Site Scripting (XSS), shell execution and SQL Injection are all issues that programmers need to be aware of. Luckily, buffer overflows in their traditional sense are not something that PHP developers need to concern themselves with.
Here, in its most basic sense, is an example of how we can read arbitrary files on the filesystem that we should not have access to.
Tags: code flaws, cross site scripting, exploit, exploiting, PHP, php code, PHP Developer, Security Consultant, shell execution, sql injection, xss