
SQL INJECTION
The login query is built by concatenating the submitted username into the SQL text:
  ... FROM user WHERE username='".$uname."' ...
Submitting the username
  ' OR '1' = '1' --
turns the WHERE clause into
  username='' OR '1' = '1' --'sdad...
which is always true; the -- marker comments out everything that followed in the
concatenated string (the sdad fragment, i.e. the rest of the original query).
The resulting string is then passed straight to mysql_query.
Query preparation used to avoid SQL injection:
// Prepare Query to avoid SQL Injection: splits the template at each '?' and
// splices in the values, each addslashes()-escaped and wrapped in double quotes
function prepared_sqlquery($code, $data)
{
    $parts = explode('?', $code);      // template pieces between the placeholders
    $sql = '';
    foreach ($data as $value) {
        $sql .= array_shift($parts);   // next literal piece of the template
        $sql .= '"' . addslashes($value) . '"';
    }
    $sql .= array_shift($parts);       // remainder after the last placeholder
    return $sql;
}

Caveat: this is string escaping, not a real prepared statement. addslashes() knows
nothing about the connection's character set (with a multibyte charset such as GBK a
quote can be smuggled past it), the function does not check that count($data) matches
the number of '?' placeholders, and the double-quoted literals rely on MySQL's default
sql_mode (with ANSI_QUOTES they become identifiers). With the mysqli extension,
mysqli_prepare() with bind_param(), or at least mysqli_real_escape_string() on the
open connection, is the robust choice.
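The two behaviours side by side, as an added Python example (not code from the page or from Open eClass): the concatenated login query with the page's payload, the same query parameterised, and a single-statement driver refusing a stacked statement. The table, accounts and the sqlite3 backend are constructed here; the `user` table name and the `uname` variable follow the page.

```python
import sqlite3

# The username the page injects; any password (sdad on the page) goes with it.
PAYLOAD = "' OR '1' = '1' --"


def make_db():
    """Constructed sample data: an in-memory 'user' table with two accounts.
    Passwords are kept in clear only to keep the demo short; real code stores hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO user (username, password) VALUES (?, ?)",
                     [("admin", "s3cret"), ("alice", "wonderland")])
    return conn


def login_vulnerable(conn, uname, passwd):
    """String concatenation, mirroring the PHP  "... WHERE username='".$uname."' ..."  build.
    Returns every username the resulting query matches."""
    sql = ("SELECT username FROM user WHERE username='" + uname +
           "' AND password='" + passwd + "'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, uname, passwd):
    """Parameterised query: the values travel separately from the SQL text, so quotes
    and comment markers inside them are data, never syntax."""
    sql = "SELECT username FROM user WHERE username=? AND password=?"
    return [row[0] for row in conn.execute(sql, (uname, passwd))]


def stacked_statements_refused(conn):
    """Single-statement execution (the opposite of mysqli_multi_query): an injected
    second statement is rejected by the driver instead of being run."""
    try:
        conn.execute("SELECT 1; DROP TABLE user")
    except (sqlite3.Error, sqlite3.Warning):
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, PAYLOAD, "sdad"))    # every account
    print("parameterised:", login_safe(db, PAYLOAD, "sdad"))       # nobody
    print("stacked statement refused:", stacked_statements_refused(db))
```

With the payload the concatenated query returns every account (the comment marker discards the password check), while the parameterised one returns nothing because no username literally equals the payload string.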
mysqli_multi_query: executes several SQL statements in one call (stacked statements),
so an injected ";" can append an entire second statement; the single-statement
functions refuse such input.

Pages checked and the queries they build:
search_loggedout.php
search_loggedin.php: SELECT queries; id parameter
index.php: SELECT queries
opencourses.php
newprof.php
newuser.php
manual.php: queries
contact.php: queries
about.php: SELECT queries

By sealing the admin's functions against CSRF attacks we cover the case of a malicious
user passing some script through some form on some admin page. We judge that XSS
protection on the admin side makes no sense, since if the malicious user has already
gained access to the admin account he is not going to do us any further damage by
inserting a script. For this reason we sealed only the guest and user areas against
XSS (since registration of instructors is not possible).
ATTACKS:

CSRF
Admin side:
Cleanup.php
Delcourse.php
Edituser.php
Password.php
Addfaculte.php
Eclassconf.php
Infocours.php
Quotecourse.php
Statuscours.php
Mailtoprof.php
multireguser.php
adminannouncements.php
auth.php
auth_process.php
newuseradmin.php

Example of an admin action performed by a plain GET request, which a link or image
on any other page can trigger with the admin's cookies attached:
http://localhost/openeclass-2.3/modules/unreguser/unreguser.php?doit=yes

/openeclass-2.3/modules/unreguser/unreguser.php?u=4&doit=yes

COUNTERMEASURE: TOKEN IN THE FORM
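The token-in-the-form countermeasure, as an added Python example rather than Open eClass code: a per-session secret is issued once, embedded as a hidden field in every admin form, and checked with a constant-time comparison before a state-changing action runs. The field name `csrf_token`, the session dictionary and the `unreguser` handler standing in for unreguser.php are assumptions for the illustration.

```python
import hmac
import secrets

# Name of the hidden form field; an assumption, not an Open eClass identifier.
TOKEN_FIELD = "csrf_token"


def issue_token(session):
    """Create the per-session secret once and return it; every admin form embeds it."""
    if TOKEN_FIELD not in session:
        session[TOKEN_FIELD] = secrets.token_hex(32)
    return session[TOKEN_FIELD]


def hidden_field(session):
    """HTML to put inside each admin form (e.g. the unregister-user form) when rendering it."""
    return '<input type="hidden" name="%s" value="%s">' % (TOKEN_FIELD, issue_token(session))


def verify_request(session, method, form):
    """True only for a POST carrying the session's token.
    GET is refused outright: a link or <img src=...> on a third-party page can make the
    victim's browser request unreguser.php?u=4&doit=yes with the admin's cookies, but
    it cannot read the token out of the admin's session to include it."""
    if method != "POST":
        return False
    expected = session.get(TOKEN_FIELD)
    supplied = form.get(TOKEN_FIELD)
    if not expected or not supplied:
        return False
    # constant-time comparison so the token cannot be recovered byte by byte via timing
    return hmac.compare_digest(expected, supplied)


def unreguser(session, method, form):
    """Hypothetical token-gated handler standing in for unreguser.php?u=...&doit=yes."""
    if not verify_request(session, method, form):
        return "refused"
    if form.get("doit") != "yes":
        return "nothing to do"
    return "unregistered user %s" % form.get("u")


if __name__ == "__main__":
    admin_session = {}
    token = issue_token(admin_session)
    print(hidden_field(admin_session))
    print(unreguser(admin_session, "GET", {"u": "4", "doit": "yes"}))      # refused
    print(unreguser(admin_session, "POST", {"u": "4", "doit": "yes"}))     # refused
    print(unreguser(admin_session, "POST", {"u": "4", "doit": "yes", TOKEN_FIELD: token}))
```

The token must be tied to the session (not a global constant) and the action must move from GET to POST; otherwise the crafted URL above keeps working.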

XSS
Test payload: <script>alert("Hello! I am an alert box!");</script>

Stored: the script is posted in the discussion area and in any other field of the
guest and user areas that is echoed back to visitors.

SCRIPT VIA LINK (reflected):
localhost/openeclass-2.3/modules/document/document.php?
newDirPath=&newDirName=<script>alert("Hello! I am an aleGGrt box!");</script>
IN DOCUMENTS, NEW DIRECTORY (the newDirName value is written into the page unescaped,
so the script runs for whoever opens the link).
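Output escaping for both cases above, as an added Python example (not Open eClass code): the forum body is escaped when written into the page (stored case), the echoed newDirName value is escaped inside an attribute (reflected case), and the directory name is additionally validated against an allowlist before anything is created. The allowlist character set and the surrounding HTML are assumptions; the payload is the page's.

```python
import html
import re

# The page's test payload, submitted through the forum and through the newDirName link.
PAYLOAD = '<script>alert("Hello! I am an alert box!");</script>'

# Allowlist for a new document directory name; the character set is an assumption.
DIRNAME_RE = re.compile(r"^[A-Za-z0-9 _.\-]{1,64}$")


def render_post(body):
    """Stored XSS fix: a forum post body is escaped when it is written into the page,
    so a saved <script> element reaches the browser as literal text."""
    return '<div class="post">%s</div>' % html.escape(body, quote=True)


def render_dirname_field(value):
    """Reflected XSS fix: a value echoed back into an attribute is escaped with
    quote=True, which also neutralises a double quote that would close the attribute."""
    return '<input type="text" name="newDirName" value="%s">' % html.escape(value, quote=True)


def validate_dirname(name):
    """Input validation for newDirName: the name if it fits the allowlist, else None.
    Escaping protects the HTML; this keeps junk out of the filesystem as well."""
    if name.strip(". ") == "":         # "", ".", "..", "..." are not names we create
        return None
    if not DIRNAME_RE.match(name):
        return None
    return name


if __name__ == "__main__":
    print(render_post(PAYLOAD))
    print(render_dirname_field(PAYLOAD))
    print(validate_dirname(PAYLOAD), validate_dirname("Lab 1"))
```

Escape at output, in the context the value lands in (element body vs. attribute); stripping "<script>" on input is not a substitute, since the same text may be rendered elsewhere later.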

FILE INCLUSION

Upload a .php file as an assignment into the assignments folder, then execute it by
following the link to that directory:
http://localhost/openeclass-2.3/courses/TMA103/work/
http://localhost/openeclass-2.3/modules/work/work.php?id=1
COUNTERMEASURE: DO NOT ALLOW BROWSING OF THE SERVER'S FOLDERS (disable directory listing).
Hiding the listing alone does not stop the uploaded file from running once its name is
known or guessed; the upload must also refuse executable types, and ideally the files
are stored where the web server will not execute them.
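Upload hardening for the assignments folder, as an added Python example (not Open eClass code): the client-supplied name is reduced to its extension, every extension segment is checked against a list of server-interpreted types (so work.php, work.php.txt and .htaccess are all refused), the final extension must be on an allowlist, and the stored name is random. The extension lists and the `root` directory are assumptions.

```python
import os
import secrets

# Extensions an assignment may have (assumed policy; adjust per course).
ALLOWED_EXT = {"pdf", "txt", "doc", "docx", "odt", "zip"}
# Extensions a typical Apache/PHP setup executes or interprets; refused in ANY position
# of the name, so "work.php.txt" and ".htaccess" are rejected along with "work.php".
EXEC_EXT = {"php", "php3", "php4", "php5", "php7", "phtml", "phar",
            "cgi", "pl", "py", "sh", "htaccess"}


def check_upload(filename):
    """Return the accepted extension of a client-supplied file name, or None to refuse."""
    base = os.path.basename(filename.replace("\\", "/"))   # drop any client-side path
    parts = base.lower().split(".")
    if len(parts) < 2 or parts[-1] == "":
        return None                                        # no usable extension
    exts = parts[1:]
    if any(e in EXEC_EXT for e in exts):
        return None
    if exts[-1] not in ALLOWED_EXT:
        return None
    return exts[-1]


def storage_name(filename):
    """Server-chosen name: random, so the uploader cannot pick or predict it, keeping
    only the vetted extension. The original name may be kept in the database for display."""
    ext = check_upload(filename)
    if ext is None:
        return None
    return secrets.token_hex(16) + "." + ext


def save_upload(filename, data, root):
    """Write the file under `root`, which should live outside the web root (not the
    browsable courses/<code>/work/ directory); returns the path, or None if refused."""
    name = storage_name(filename)
    if name is None:
        return None
    root_abs = os.path.abspath(root)
    dest = os.path.join(root_abs, name)
    if os.path.commonpath([root_abs, os.path.abspath(dest)]) != root_abs:
        return None                      # defensive: stay inside the storage root
    with open(dest, "wb") as fh:
        fh.write(data)
    return dest


if __name__ == "__main__":
    for candidate in ["shell.php", "work.php.txt", ".htaccess", "Report.PDF", "README"]:
        print(candidate, "->", storage_name(candidate))
```

Checking only the last extension is the classic mistake: with mod_php's AddHandler configuration a name like work.php.txt can still be handed to the PHP interpreter, which is why every segment is examined.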

HttpOnly flag set to true

You can either change settings in php.ini, or use ini_set() calls, to set
session.cookie_secure and session.cookie_httponly to true (the ini_set() calls must
run before session_start(), or the cookie has already been sent without the flags).

If the HttpOnly flag (optional) is included in the HTTP response header, the cookie
cannot be accessed through client-side script (provided the browser supports the flag,
which all current browsers do). As a result, even if a cross-site scripting (XSS) flaw
exists and a user accidentally follows a link that exploits it, the browser will not
reveal the cookie to a third party. The Secure flag complements it by keeping the
cookie off plain HTTP connections.
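A check for the result of those settings, as an added Python example (not Open eClass code): one function audits a Set-Cookie header value for the missing HttpOnly and Secure attributes, the other builds the header PHP emits once both ini settings are on. The sample header values are constructed; PHPSESSID is PHP's default session cookie name.

```python
from http.cookies import SimpleCookie


def missing_cookie_flags(set_cookie_value):
    """Audit one Set-Cookie header value and list the protective attributes it lacks."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    missing = []
    if "httponly" not in attrs:
        missing.append("HttpOnly")   # session.cookie_httponly = 1 in PHP
    if "secure" not in attrs:
        missing.append("Secure")     # session.cookie_secure = 1 in PHP
    return missing


def hardened_session_cookie(session_id):
    """The header PHP sends for its session cookie once both ini settings are on."""
    jar = SimpleCookie()
    jar["PHPSESSID"] = session_id
    jar["PHPSESSID"]["path"] = "/"
    jar["PHPSESSID"]["httponly"] = True
    jar["PHPSESSID"]["secure"] = True
    return jar["PHPSESSID"].OutputString()


# Constructed sample header values, as a scanner or the browser's dev tools show them.
SAMPLES = {
    "php-default": "PHPSESSID=ab12cd34ef56; path=/",
    "hardened": "PHPSESSID=ab12cd34ef56; path=/; HttpOnly; secure",
}


if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(label, "missing:", missing_cookie_flags(value))
    print(hardened_session_cookie("ab12cd34ef56"))
```

Run the audit against the live login response (curl -i, or the browser's network tab) after changing php.ini, since a php.ini edit only takes effect once the web server has been restarted.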