DCBLAIR
Fixing Vulnerable Coding
May 03, 2012 08:53AM

Hi all. I think I need some serious help. I went on one of those freelance sites and got someone to build a site for me. I spent hundreds of dollars for the site. After I got it, I decided to use w3af to scan my site to see if it was vulnerable to anything. Lo and behold, it was vulnerable to XSS, XSRF, ReDoS. I identified three (3) PHP files which had these issues. Can HTML Purifier help me to remove these vulnerabilities? If so, can someone please show me how? I have included the code in one of these files in hopes that it can be fixed. Thanks.


<?php include "include/top_header.php"; ?>

<div class="middlePartArea">
                	<div class="middleLeftPart">
                      
                     <?php /*?> <?php include "include/banner.php"; ?><?php */?>
                        <div class="middleNavigationPart"> 
                        <?php 
						if(isset($com_msg) && $com_msg == 'Thanks! for registration'){
						?>
                        <div style="color:#5d9b0d; font:bold 13px/22px Arial, Helvetica, sans-serif;">
							<?php echo isset($com_msg) ? $com_msg : '';?> </div>
                        <?php /*?><?php if(isset($_REQUEST['applysubmit']) && $_REQUEST['applysubmit'] == 'submit'){?> <?php */?>
                         <?php }else{?>
                        	<div style="color:#FF0000; font:bold 13px/22px Arial, Helvetica, sans-serif;">
							<?php echo isset($com_msg) ? $com_msg : '';?> </div>  
                            <?php }?>   
							<form action="comregins.php" method="post" enctype="multipart/form-data" onSubmit="return com_valid();">
                             
                             <div class="secformArea">
                             	<div class="secformAreaTxt"><span style="color:#FF0000;">*</span>Company Name:</div>
                                <div class="secformAreaFeild"><input type="text" name="com_name" id="com_name" class="secformAreaFeildtxtValue" ></div>
                             </div>
                             
                             <div class="secformArea">
                             	<div class="secformAreaTxt">Image:</div>
                                <div class="secformAreaFeild"><input name="com_image" type="file" id="image" size="33">
                               </div>
                             </div>
                            
                              <div class="secformArea">
                             	<div class="secformAreaTxt">Website Address:</div>
                                <div class="secformAreaFeild"><input type="text" name="com_website" id="com_website" class="secformAreaFeildtxtValue" ></div>
                             </div>
                             
                              <div class="secformArea">
                             	<div class="secformAreaTxt"><span style="color:#FF0000;">*</span>Category:</div>
                               <?php
							    $cat_sql = 'select * from baby_categories';
								$cat_query = mysql_query($cat_sql);
								?>
                                <div class="secformAreaFeild">
                                <select name="com_cat" id="com_cat" class="secformAreaTxtlistvalue">
                                <option value="">Select Caretype</option>
                                 <?php while($cat_rows = mysql_fetch_array($cat_query)){?>
                                <option value="<?php echo $cat_rows['cat_id'];?>"><?php echo $cat_rows['cat_name'];?></option>
                                <?php }?>
                                </select>
                                </div>
                             </div>
                             
                             <div class="secformArea">
                             	<div class="secformAreaTxt">Sub Category:</div>
                                <div class="secformAreaFeild" id="com_subCatList">
                                
                                </div>
                             </div>
                             
                             <div class="secformArea">
                             	<div class="secformAreaTxt"><span style="color:#FF0000;">*</span>Rate Type:</div>
                                <div class="secformAreaFeild">
                                			<select name="com_ratetype" id="com_ratetype" class="secformAreaTxtlistvalue">
                             				<option value="">Select Type</option>
                                            <option value="hours">Hours</option>
                                            <option value="daily">Daily</option>
                                            <option value="weekly">Weekly</option>
                                            <option value="monthly">Monthly</option>
                                            <option value="yearly">Yearly</option>
                                            </select>
                               </div>
                             </div>
                             
                             <div class="secformArea">
                             	<div class="secformAreaTxt"><span style="color:#FF0000;">*</span>Rate Amount:</div>
                                <div class="secformAreaFeild"><input type="text" name="com_rateamount" id="com_rateamount" class="secformAreaFeildtxtValue" ></div>
                             </div>
                             
                             <div class="secformArea">
                             	<div class="secformAreaTxt">Year of Experience:</div>
                                <div class="secformAreaFeild"><input type="text" name="com_exp" id="com_exp" class="secformAreaFeildtxtValue" ></div>
                             </div>
                             
                             <div class="secformArea">
                             <div class="secformAreaTxt">Establish Date:</div>
                             	<div class="secformAreaFeild">
                                <select name="dob_year" id="dob_year" class="liDateValue list3" style="margin:0 13px 0 0;">
                                <option value="">Year</option>
                                <?php 
                                for($i=2014;$i>=1950;$i--){
                                ?>
                                <option value="<?php echo $i;?>"><?php echo $i;?></option>
                                <?php }?>
                                </select>
                                <select name="dob_month" id="dob_month" class="liDateValue list3" style="margin:0 13px 0 0;">
                                <option value="">Month</option>
                                <?php 
                                $month = array('January','February','March','April','May','June','July','August','September','October','November','December');
                                $i = 1;
                                foreach($month as $val){
                                ?>
                                <option value="<?php echo $i;?>"><?php echo $val;?></option>
                                <?php 
                                $i++;
                                }?>
                                </select>
                                <select name="dob_date" id="dob_date" class="liDateValue list3">
                                <option value="">Date</option>
                                <?php 
                                for($i=1;$i<=31;$i++){
                                ?>
                                <option value="<?php echo $i;?>"><?php echo $i;?></option>
                                <?php }?>
                                </select>
                                </div>
                             </div>
                             
                             <div class="secformArea">
                             	<div class="secformAreaTxt"><span style="color:#FF0000;">*</span>About Company:</div>
                                <div class="secformAreaFeild"><textarea name="com_aboutyourself" id="com_aboutyourself" class="secformAreaTxtAreavalue"></textarea></div>
                             </div>
                             
                             
                             <input type="hidden" name="com_uname" value="<?php echo $_REQUEST['com_uname'];?>">
                             <input type="hidden" name="com_pwd" value="<?php echo $_REQUEST['com_pwd'];?>">
                             <input type="hidden" name="com_email" value="<?php echo $_REQUEST['com_email'];?>">
                  			 <input type="hidden" name="com_contact" value="<?php echo $_REQUEST['com_contact'];?>">
 							 <input type="hidden" name="com_street" value="<?php echo $_REQUEST['com_street'];?>">
                             <input type="hidden" name="com_parish_name" value="<?php echo $_REQUEST['com_parish_name'];?>">
                            							
                             <div class="sbtninform">
                               <input type="submit" name="comregsubmit" value="Submit" class="sbtninformValue" >
                             </div>
                             </form>    
							<?php /*?><?php }else{
							echo 'Premilinary Registration is Required!';
							}?><?php */?>
                        </div>
                    </div>
                    <?php include "include/google_panel.php"; ?> 
                </div>
            </div>
        </div>
		<div class="bottomInnerPartBg"></div> 
	</div>
   
   <div id="fundotransparente3"></div>
<div id="website3" style="z-index:99; position:fixed; *position:absolute; width:370px; display:none; background:#FFCC00; border:3px solid #000;">
    <div class="login-panel2">
     <div id="message" class="inputBox1"></div>
        <form action="" method="post" class="login-form2">
            <h2>Profile Info</h2>
            <div><?php echo $family_row['family_email'];?></div>
            <div><input name="fam_contact" id="fam_contact" type="text" value="<?php echo $family_row['family_contactno'];?>" class="login-input"  onblur="if(this.value=='') this.value='Contact No'" onfocus="if(this.value=='password') this.value=''"/></div>
            <div><input name="fam_fname" id="fam_fname" type="text" value="<?php echo $family_row['family_fname'];?>" class="login-input"  onblur="if(this.value=='') this.value='FirstName'" onfocus="if(this.value=='FirstName') this.value=''"  /></div>
            <div><input name="fam_lname" id="fam_lname" type="text" value="<?php echo $family_row['family_lname'];?>" class="login-input"  onblur="if(this.value=='') this.value='LastName'" onfocus="if(this.value=='LastName') this.value=''"  /></div>
            <div><input name="fam_streetname" id="fam_streetname" type="text" value="<?php echo $family_row['family_streetname'];?>" class="login-input"  onblur="if(this.value=='') this.value='StreetName'" onfocus="if(this.value=='StreetName') this.value=''"  /></div>
            <div><input name="fam_parish" id="fam_parish" type="text" value="<?php echo $family_row['family_parish'];?>" class="login-input"  onblur="if(this.value=='') this.value='ParishName'" onfocus="if(this.value=='ParishName') this.value=''"  /></div>
            <div><input name="fam_number" id="fam_number" type="text" value="<?php echo $family_row['family_number'];?>" class="login-input"  onblur="if(this.value=='') this.value='Children Number'" onfocus="if(this.value=='Phone Number') this.value=''"  /></div>
            <input type="hidden" name="familyid" id="familyid" value="<?php echo $family_row['family_id'];?>">
            <div><input name="editfamilysubmit" type="submit" value="Submit" class="login-button" /> 
            </div>
        </form>
    </div>
<img src="images/close.png" border="0" style=" display: inline; z-index: 3200; position: absolute; top:10px; left:10px; cursor: pointer;">
</div>
 
 <div id="website4" style="z-index:99; position:fixed; *position:absolute; width:370px; display:none; background:#FFCC00; border:3px solid #000;">
    <div class="login-panel2">
    <div id="message" class="inputBox1"></div>
        <form action="" method="post" class="login-form2">
            <h2>Profile Info</h2>
            
            <div><input name="Sit_fname" id="Sit_fname" type="text" value="<?php echo $sitter_row['sitter_fname'];?>" class="login-input"  onblur="if(this.value=='') this.value='FirstName'" onfocus="if(this.value=='FirstName') this.value=''"  /></div>
            <div><input name="sit_lname" id="sit_lname" type="text" value="<?php echo $sitter_row['sitter_lname'];?>" class="login-input"  onblur="if(this.value=='') this.value='LastName'" onfocus="if(this.value=='LastName') this.value=''"  /></div>
            <div><?php echo $sitter_row['sitter_email'];?></div>
            <div><input name="sit_street" id="sit_street" type="text" value="<?php echo $sitter_row['sitter_streetname'];?>" class="login-input"  onblur="if(this.value=='') this.value='StreetName'" onfocus="if(this.value=='StreetName') this.value=''"  /></div>
            <div><input name="sit_city" id="sit_city" type="text" value="<?php echo $sitter_row['sitter_city'];?>" class="login-input"  onblur="if(this.value=='') this.value='City'" onfocus="if(this.value=='City') this.value=''"/></div>
            <div><input name="sit_phno" id="sit_phno" type="text" value="<?php echo $sitter_row['sitter_contactno'];?>" class="login-input"  onblur="if(this.value=='') this.value='Phone Number'" onfocus="if(this.value=='Phone Number') this.value=''"  /></div>
            <div><input name="sit_exp" id="sit_exp" type="text" value="<?php echo $sitter_row['sitter_exp'];?>" class="login-input"  onblur="if(this.value=='') this.value='Experience'" onfocus="if(this.value=='Experience') this.value=''"  /></div>
            <div><input name="sit_certf" id="sit_certf" type="text" value="<?php echo $sitter_row['sitter_certification'];?>" class="login-input"  onblur="if(this.value=='') this.value='Certification'" onfocus="if(this.value=='Certification') this.value=''"  /></div>
            <div><input name="sit_qualf" id="sit_qualf" type="text" value="<?php echo $sitter_row['sitter_qualification'];?>" class="login-input"  onblur="if(this.value=='') this.value='Qualification'" onfocus="if(this.value=='Qualification') this.value=''"  /></div>
            <div><input name="sit_lang" id="sit_lang" type="text" value="<?php echo $sitter_row['sitter_language'];?>" class="login-input"  onblur="if(this.value=='') this.value='Language Known'" onfocus="if(this.value=='Language Known') this.value=''"  /></div>
            <div><input name="sit_rate" id="sit_rate" type="text" value="<?php echo $sitter_row['sitter_rate'];?>" class="login-input"  onblur="if(this.value=='') this.value='Rate'" onfocus="if(this.value=='Rate') this.value=''"  /></div>
            <div><select name="sit_cat" id="sit_cat">
            	<option value="">select category</option>
                <?php while($cat_rows=mysql_fetch_array($cat_query)){ ?>
        <option value="<?php echo $cat_rows['cat_id']; ?>" <?php if($cat_rows['cat_id']==$sitter_row['cat_id']){ echo "selected"; }else{} ?>><?php echo $cat_rows['cat_name']; ?></option>
        <?php } ?>
            	</select></div>
            <div><input name="sit_parish" id="sit_parish" type="text" value="<?php echo $sitter_row['sitter_parish'];?>" class="login-input"  onblur="if(this.value=='') this.value='ParishName'" onfocus="if(this.value=='ParishName') this.value=''"  /></div>
            <input type="hidden" name="sitterid" id="sitterid" value="<?php echo $sitter_row['sitter_id'];?>">
            <div><input name="editsittersubmit" type="submit" value="Submit" class="login-button" /> 
            </div>
        </form>
    </div>
<img src="images/close.png" border="0" style=" display: inline; z-index: 3200; position: absolute; top:10px; left:10px; cursor: pointer;">
</div>
 
 
<script type="text/javascript">
$(document).ready(function(){
	$('#com_cat').change(function(){
		var catID = $(this).val();
		var dataString = 'cate_id='+catID;
		//alert(dataString);
		$.ajax({
			type : 'GET',
			url  : 'comreg_ajax.php',
			dataType : 'html',
			data : dataString,
			success : function(data){
				$('#com_subCatList').html(data);
			}
		});
	});
});
</script>   
    
<?php include "include/footer.php"; ?>

Re: Fixing Vulnerable Coding
May 03, 2012 03:41PM

I cannot read all of that PHP code, but HTML Purifier is applicable if you have user input which is HTML, and you want to display it as HTML. For other XSS vulnerabilities, HTML Purifier is overkill.
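As an added illustration of the distinction drawn in the reply (not code from the original post or from HTML Purifier itself): the hidden-field pattern in the posted file, which echoes request data straight into an attribute, beside the same markup with contextual escaping, plus the one place where HTML Purifier would actually belong. The helper names `e`, `field`, `hiddenFieldVulnerable`, `hiddenFieldSafe` and `purifyRichText` are assumptions, and the purifier call assumes `HTMLPurifier.auto.php` is on the include path.

```php
<?php
// Added example, not code from the original post: contextual output escaping
// for the "echo $_REQUEST[...]" pattern in the posted form, and where
// HTML Purifier would (and would not) fit.

// Escape a value for insertion into HTML text or a quoted attribute.
// ENT_QUOTES covers both " and ' so the result is safe inside value="...".
function e($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Read a posted field with a default instead of echoing $_REQUEST directly.
// The posted form uses method="post", so $_POST is the right source; this
// also avoids the undefined-index notice when the field is absent.
function field($name, $default = '')
{
    return isset($_POST[$name]) ? $_POST[$name] : $default;
}

// Pattern from the posted file: whatever the client sent is written into the
// attribute unescaped, so a double quote ends the attribute early.
function hiddenFieldVulnerable($name)
{
    return '<input type="hidden" name="' . $name . '" value="' . $_REQUEST[$name] . '">';
}

// Hardened form: identical markup, value escaped for the attribute context.
function hiddenFieldSafe($name)
{
    return '<input type="hidden" name="' . e($name) . '" value="' . e(field($name)) . '">';
}

// HTML Purifier belongs only on a field whose input is meant to be HTML,
// e.g. a rich-text "About Company" box. Plain-text fields need e(), not this.
// Assumes HTML Purifier's autoloader is on the include path.
function purifyRichText($dirtyHtml)
{
    require_once 'HTMLPurifier.auto.php';
    $config = HTMLPurifier_Config::createDefault();
    $config->set('HTML.Allowed', 'p,b,i,a[href],ul,ol,li');
    $purifier = new HTMLPurifier($config);
    return $purifier->purify($dirtyHtml);
}

// Constructed sample input containing the characters that matter.
$_POST['com_uname']    = 'Acme "Quotes" & <Sons>';
$_REQUEST['com_uname'] = $_POST['com_uname'];
echo hiddenFieldVulnerable('com_uname'), "\n"; // quote terminates the attribute
echo hiddenFieldSafe('com_uname'), "\n";       // quotes and brackets are entity-encoded
```

Every `echo` of `$_REQUEST`, `$cat_rows` or `$family_row` in the posted file needs the same `e()` treatment; the purifier is reserved for the one textarea if, and only if, it is meant to accept HTML.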
