Topic: PHP Vulnerability Tests
The files under the FrontAccounting v2.3.25 webroot were passed through the RIPS scanner, and the attached results list the vulnerabilities it reported. Most, if not all, are false positives: the $_POST and $_GET values are sanitized before use, but the sanitized values are written back under the same variable names, so a taint-tracking scanner that keys on the superglobal still reports every later use of them.
vulnerable example code:
print ("Hello " . $_GET["name"]); // reflects the raw request parameter into the response body
proof of concept for execution:
/index.php?name=<script>alert(1)</script>
patch:
Encode all user-tainted data with PHP's built-in functions before embedding it in the output. Set the ENT_QUOTES flag so that single quotes are encoded as well; otherwise a value placed inside a single-quoted HTML attribute can break out of it and inject an event handler. Also pass the correct charset explicitly rather than relying on the default.
print ("Hello " . htmlentities($_GET["name"], ENT_QUOTES, "utf-8")); // encodes <, >, &, " and ' before output
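The following script puts the vulnerable and patched forms side by side and shows why ENT_QUOTES matters in an attribute context, as well as the sanitize-and-write-back pattern that makes RIPS flag FrontAccounting's sanitized variables. It is an added example for this page, not code from FrontAccounting or from the RIPS report; the request parameters are constructed inline so it runs from the command line, and the function names are chosen here for illustration.

```php
<?php
// Added example: not FrontAccounting code. Runs from the CLI; the request
// parameters below are constructed to simulate ?name=...&title=...
$_GET['name']  = "<script>alert(1)</script>";
$_GET['title'] = "x' onmouseover='alert(1)";

// Vulnerable: the raw parameter is concatenated straight into the page body.
function render_vulnerable(string $name): string {
    return "Hello " . $name;
}

// Hardened: HTML-encode before embedding. ENT_QUOTES encodes both " and ',
// so the result is also safe inside single- or double-quoted attributes.
// The charset is passed explicitly rather than relying on the default.
function html_escape(string $value): string {
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_safe(string $name): string {
    return "Hello " . html_escape($name);
}

// Attribute context with ENT_COMPAT (the default flag set before PHP 8.1):
// only " is encoded, so a value containing ' still closes a single-quoted
// attribute and lets an event handler in.
function attribute_compat(string $title): string {
    return "<a title='" . htmlentities($title, ENT_COMPAT, 'UTF-8') . "'>link</a>";
}

// Same attribute with ENT_QUOTES: the ' is encoded and cannot close the attribute.
function attribute_quotes(string $title): string {
    return "<a title='" . html_escape($title) . "'>link</a>";
}

echo "vulnerable body:      ", render_vulnerable($_GET['name']), "\n";
echo "encoded body:         ", render_safe($_GET['name']), "\n";
echo "attribute ENT_COMPAT: ", attribute_compat($_GET['title']), "\n";
echo "attribute ENT_QUOTES: ", attribute_quotes($_GET['title']), "\n";

// The pattern described in the note above: the value is sanitized and stored
// back under the same key. Later reads are safe, but a taint tracker that
// keys on $_GET still reports every subsequent use as tainted.
$_GET['name'] = html_escape($_GET['name']);
echo "write-back pattern:   Hello " . $_GET['name'] . "\n";
```

Run it with `php example.php` and compare the four lines: the ENT_COMPAT attribute line still contains a bare `'` followed by `onmouseover=`, while the ENT_QUOTES line has the quote encoded. Because PHP 8.1 changed the default flags of htmlentities to include ENT_QUOTES, code that omits the flag behaves differently across PHP versions, which is one more reason to pass the flags and charset explicitly as the patch recommends.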