MemoryRefresh!

Security / Spoofed forms   Spoofed forms





Attack: Copy a target form and submit it from a different location. Defence: Restrict input to your rules, checking every submitted value on the server.
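<!-- localhost -->
<?php
// Demonstration of the problem. The ?hacker_site=1 switch only selects which
// of the two forms is rendered; both post to the same handler in test.php.
// The handler never compares the submitted value with the options the
// <select> offers, so a copied form with a free-text field is accepted.
?>
<?php if (!empty($_GET['hacker_site'])): ?>
<!-- hacker site -->
<form method="POST" action='test.php'>
    <textarea name="gender">monkey</textarea> <!-- Look Here -->
    <input type="submit" name="btn_submit"/>
</form>
<?php endif; ?>
<?php if (empty($_GET['hacker_site'])): ?>
<!-- my site -->
<form method="POST" action='test.php'>
    Select gender:
    <select name="gender">
        <option>
        <option value='male'>male
        <option value='woman'>woman
    </select>
    <input type="submit" name="btn_submit"/>
</form>
<?php
if (!empty($_POST['btn_submit'])) {
    // is_string() keeps an array-shaped field (gender[]=...) out of echo.
    if (!empty($_POST['gender']) && is_string($_POST['gender'])) {
        // Still the unvalidated value: a <select> in the browser is not a
        // server-side rule. It is escaped so the reflected text cannot
        // become markup, but nothing restricts it to male/woman yet.
        echo htmlspecialchars($_POST['gender'], ENT_QUOTES, 'UTF-8'); // display monkey
    }
}
?>
<?php endif; ?>
Using stream context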
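<?php
// Second demonstration: the POST does not have to come from a browser form.
// A script can build the same request body, so the server cannot rely on
// the page that was rendered; it can only judge the request that arrives.
if (!empty($_GET['hacker_site'])) {
    // hacker site simulation
    $postVars = array(
        'gender' => 'XXX',
        'btn_submit' => '1',
    );
    $wrapperOptions = array(
        'http' => array(
            'method' => 'POST',
            'header' => 'Content-type: application/x-www-form-urlencoded',
            'content' => http_build_query($postVars, '', '&'),
            'timeout' => 5,
        ),
    );
    $streamContext = stream_context_create($wrapperOptions);
    // NOTE(review): the target string has no scheme, so PHP resolves it as a
    // local path and the http options above are not applied; the listing
    // presumably means the form handler's URL.
    echo file_get_contents("localhost", false, $streamContext); // display XXX
}
?>
<?php if (empty($_GET['hacker_site'])): ?>
<!-- my site -->
<form method="POST" action='test.php'>
    Select gender:
    <select name="gender">
        <option>
        <option value='male'>male
        <option value='woman'>woman
    </select>
    <input type="submit" name="btn_submit"/>
</form>
<?php
if (!empty($_POST['btn_submit']) && !empty($_POST['gender']) && is_string($_POST['gender'])) {
    // The value is still not checked against male/woman, which is the flaw
    // being shown; escaping only stops the reflected text becoming markup.
    echo htmlspecialchars($_POST['gender'], ENT_QUOTES, 'UTF-8'); // display XXX
}
?>
<?php endif; ?>
Solution: Session secret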
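<?php
// Session-token check for the "my site" branch. It runs before any markup is
// sent, so session_start() can still set its cookie and die() stops the
// request before anything is rendered.
$isHackerSite = !empty($_GET['hacker_site']);

// Server-side copy of the values the <select> offers.
$allowedGenders = array('male', 'woman');

if (!$isHackerSite) {
    session_start();

    if (isset($_POST['btn_submit'])) {
        $sentSecret = (isset($_POST['secret']) && is_string($_POST['secret'])) ? $_POST['secret'] : '';
        $knownSecret = (isset($_SESSION['secret']) && is_string($_SESSION['secret'])) ? $_SESSION['secret'] : '';

        // --- Look Here --- //
        // A missing token must fail: with a loose != two unset values compare
        // equal and numeric-looking strings are compared as numbers.
        // hash_equals() compares the exact strings in constant time.
        if ($knownSecret === '' || !hash_equals($knownSecret, $sentSecret)) {
            die("Spoofed Form");
        }
    }

    // --- Look Here --- //
    // Fresh token for the next render, from the CSPRNG (PHP 7+) rather than
    // md5(uniqid(rand(), true)), whose inputs are time- and rand()-based.
    $secret = bin2hex(random_bytes(16));
    $_SESSION['secret'] = $secret;
}
?>
<?php if ($isHackerSite): ?>
<form method="POST" action='test.php'>
    <textarea name="gender">monkey</textarea>
    <input type="submit" name="btn_submit"/>
    <input type="hidden" name="secret" value="1">
</form>
<?php endif; ?>
<?php if (!$isHackerSite): ?>
<form method="POST" action='test.php'>
    Select gender:
    <select name="gender">
        <option>
        <option value='male'>male
        <option value='woman'>woman
    </select>
    <input type="submit" name="btn_submit"/>
    <input type="hidden" name="secret" value="<?php echo htmlspecialchars($secret, ENT_QUOTES, 'UTF-8'); ?>"><!-- Look Here -->
</form>
<?php
if (!empty($_POST['btn_submit']) && !empty($_POST['gender'])) {
    // The token only ties the POST to a form this session was served. It
    // says nothing about the value, so the value is checked against the
    // allow-list and escaped on output.
    if (is_string($_POST['gender']) && in_array($_POST['gender'], $allowedGenders, true)) {
        echo htmlspecialchars($_POST['gender'], ENT_QUOTES, 'UTF-8');
    } else {
        echo 'Invalid gender';
    }
    // The copied form never reaches this point: the token check at the top
    // has already displayed Spoofed Form.
}
?>
<?php endif; ?>
nyphp.org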
1) What does "spoofed form" mean?





2) How do you avoid a spoofed form attack?








Attack: Copy a target form and submit it from a different location. Defence: Restrict input to your rules, checking every submitted value on the server.
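<!-- localhost -->
<?php
// Demonstration of the problem. The ?hacker_site=1 switch only selects which
// of the two forms is rendered; both post to the same handler in test.php.
// The handler never compares the submitted value with the options the
// <select> offers, so a copied form with a free-text field is accepted.
?>
<?php if (!empty($_GET['hacker_site'])): ?>
<!-- hacker site -->
<form method="POST" action='test.php'>
    <textarea name="gender">monkey</textarea> <!-- Look Here -->
    <input type="submit" name="btn_submit"/>
</form>
<?php endif; ?>
<?php if (empty($_GET['hacker_site'])): ?>
<!-- my site -->
<form method="POST" action='test.php'>
    Select gender:
    <select name="gender">
        <option>
        <option value='male'>male
        <option value='woman'>woman
    </select>
    <input type="submit" name="btn_submit"/>
</form>
<?php
if (!empty($_POST['btn_submit'])) {
    // is_string() keeps an array-shaped field (gender[]=...) out of echo.
    if (!empty($_POST['gender']) && is_string($_POST['gender'])) {
        // Still the unvalidated value: a <select> in the browser is not a
        // server-side rule. It is escaped so the reflected text cannot
        // become markup, but nothing restricts it to male/woman yet.
        echo htmlspecialchars($_POST['gender'], ENT_QUOTES, 'UTF-8'); // display monkey
    }
}
?>
<?php endif; ?>
Using stream context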
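<?php
// Second demonstration: the POST does not have to come from a browser form.
// A script can build the same request body, so the server cannot rely on
// the page that was rendered; it can only judge the request that arrives.
if (!empty($_GET['hacker_site'])) {
    // hacker site simulation
    $postVars = array(
        'gender' => 'XXX',
        'btn_submit' => '1',
    );
    $wrapperOptions = array(
        'http' => array(
            'method' => 'POST',
            'header' => 'Content-type: application/x-www-form-urlencoded',
            'content' => http_build_query($postVars, '', '&'),
            'timeout' => 5,
        ),
    );
    $streamContext = stream_context_create($wrapperOptions);
    // NOTE(review): the target string has no scheme, so PHP resolves it as a
    // local path and the http options above are not applied; the listing
    // presumably means the form handler's URL.
    echo file_get_contents("localhost", false, $streamContext); // display XXX
}
?>
<?php if (empty($_GET['hacker_site'])): ?>
<!-- my site -->
<form method="POST" action='test.php'>
    Select gender:
    <select name="gender">
        <option>
        <option value='male'>male
        <option value='woman'>woman
    </select>
    <input type="submit" name="btn_submit"/>
</form>
<?php
if (!empty($_POST['btn_submit']) && !empty($_POST['gender']) && is_string($_POST['gender'])) {
    // The value is still not checked against male/woman, which is the flaw
    // being shown; escaping only stops the reflected text becoming markup.
    echo htmlspecialchars($_POST['gender'], ENT_QUOTES, 'UTF-8'); // display XXX
}
?>
<?php endif; ?>
Solution: Session secret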
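<?php
// Session-token check for the "my site" branch. It runs before any markup is
// sent, so session_start() can still set its cookie and die() stops the
// request before anything is rendered.
$isHackerSite = !empty($_GET['hacker_site']);

// Server-side copy of the values the <select> offers.
$allowedGenders = array('male', 'woman');

if (!$isHackerSite) {
    session_start();

    if (isset($_POST['btn_submit'])) {
        $sentSecret = (isset($_POST['secret']) && is_string($_POST['secret'])) ? $_POST['secret'] : '';
        $knownSecret = (isset($_SESSION['secret']) && is_string($_SESSION['secret'])) ? $_SESSION['secret'] : '';

        // --- Look Here --- //
        // A missing token must fail: with a loose != two unset values compare
        // equal and numeric-looking strings are compared as numbers.
        // hash_equals() compares the exact strings in constant time.
        if ($knownSecret === '' || !hash_equals($knownSecret, $sentSecret)) {
            die("Spoofed Form");
        }
    }

    // --- Look Here --- //
    // Fresh token for the next render, from the CSPRNG (PHP 7+) rather than
    // md5(uniqid(rand(), true)), whose inputs are time- and rand()-based.
    $secret = bin2hex(random_bytes(16));
    $_SESSION['secret'] = $secret;
}
?>
<?php if ($isHackerSite): ?>
<form method="POST" action='test.php'>
    <textarea name="gender">monkey</textarea>
    <input type="submit" name="btn_submit"/>
    <input type="hidden" name="secret" value="1">
</form>
<?php endif; ?>
<?php if (!$isHackerSite): ?>
<form method="POST" action='test.php'>
    Select gender:
    <select name="gender">
        <option>
        <option value='male'>male
        <option value='woman'>woman
    </select>
    <input type="submit" name="btn_submit"/>
    <input type="hidden" name="secret" value="<?php echo htmlspecialchars($secret, ENT_QUOTES, 'UTF-8'); ?>"><!-- Look Here -->
</form>
<?php
if (!empty($_POST['btn_submit']) && !empty($_POST['gender'])) {
    // The token only ties the POST to a form this session was served. It
    // says nothing about the value, so the value is checked against the
    // allow-list and escaped on output.
    if (is_string($_POST['gender']) && in_array($_POST['gender'], $allowedGenders, true)) {
        echo htmlspecialchars($_POST['gender'], ENT_QUOTES, 'UTF-8');
    } else {
        echo 'Invalid gender';
    }
    // The copied form never reaches this point: the token check at the top
    // has already displayed Spoofed Form.
}
?>
<?php endif; ?>
nyphp.org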

References








