<![CDATA[FrontAccounting forum — PHP Vulnerability Tests]]> 2016-12-04T17:57:26Z PunBB https://frontaccounting.com/punbb/viewtopic.php?id=6568 <![CDATA[PHP Vulnerability Tests]]> The FrontAccounting v2.3.25's webroot folder's files were passed through the RIPS Scanner and the attached results were obtained on it's vulnerability. Most if not all are false positives. The $_POST and $_GET variables are washed before usage though they remain in the same variable name causing such scanners to spout such results.

vulnerable example code:

1: print ("Hello "  .  $_GET["name"]); 

proof of concept for execution:

/index.php?name=<script>alert(1)</script>

patch:

Encode all user tainted data with PHP buildin functions before embedding the data into the output. Make sure to set the parameter ENT_QUOTES to avoid an eventhandler injections to existing HTML attributes and specify the correct charset.

1: print ("Hello "  .  htmlentities($_GET["name"],  ENT_QUOTES,  "utf-8");

]]> https://frontaccounting.com/punbb/profile.php?id=364 2016-12-04T17:57:26Z https://frontaccounting.com/punbb/viewtopic.php?pid=26956#p26956