
-----------------------------------
DanShadow
Mon Oct 04, 2010 11:33 pm

Security, Layout, and Data-flow Testing
-----------------------------------
I've been working recently on a prototype for a web-scheduling application, and was wondering if anybody who feels bored would like to test the site (so far) and offer any suggestions/feedback?

It uses a MySQL Database for data storage, SHA1 hashes for passwords, and session variables for page-to-page data flow.

The Login URL is: http://www.danshadowproductions.0sites.net/Login.php
The Create User URL is: http://www.danshadowproductions.0sites.net/CreateUser.php (also linked from Login page)
(When creating a user, the only business registered is Danshadow Productions. The form uses an Ajax database table check to compare what you're typing to possible business names, and suggests them to you dynamically.)

The site is set up so no user can view a schedule until the business owner has verified their username manually, so feel free to log in as my employee account to see how I bring all the tables together.

Username: Dan
Password: dark

Here is the URL to a page I'm using to test out schedule editing (non-functional, but gives the general idea): http://www.danshadowproductions.0sites.net/test2.php

So yeah, any feedback or suggestion would be much appreciated!

[Update]: Just found a bug, but I'm exhausted so I'm gonna leave it for now.. wonder if anybody else will pick up on it, lol.

-----------------------------------
Dan
Tue Oct 05, 2010 3:33 am

RE:Security, Layout, and Data-flow Testing
-----------------------------------
Something does not seem right about how it is processing some chars in the forms. For example putting a ' anywhere will redirect to http://0000free.com/e/403.html.

If you want a good review of the security you should post the code.

-----------------------------------
DemonWasp
Tue Oct 05, 2010 4:26 am

RE:Security, Layout, and Data-flow Testing
-----------------------------------

Incorrect escaping of arguments on CreateUser.php; putting a double-quote anywhere in the string given returns \". Similarly, putting a backslash anywhere in the string returns \\.
Incorrect redirect of bad requests (such as what Dan noted above).
Poor form to use styles, bgcolor and similar HTML attributes instead of CSS classes. You should switch to CSS as soon as possible, or you'll have worse headaches down the road.
Please choose a better font, increase the font size, or otherwise make things easier to read. Hard to read == hard to use.
Too sleepy to continue.
Post source code and config files and it'll be easier for us to find security faults (and therefore your site would be more secure).


-----------------------------------
DanShadow
Tue Oct 05, 2010 12:53 pm

Re: Security, Layout, and Data-flow Testing
-----------------------------------
Thanks for the help :).

I've corrected most of the character entry issues with the CreateUser form, but I'm confused as to why using the ' character is doing any redirecting...

This is the check I do for "bad characters" entered in the "username" field of the form:

$badchars=array("!","@","#","$","%","^","&","*","{","}","","/","|","?","'","\\","\"");

for ($j=0; $j
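As an added example (not DanShadow's code or anything from the site), here is the allowlist approach to the same "username" check, with the magic_quotes_gpc behaviour that produces the \" and \\ DemonWasp saw undone explicitly, and the database lookup done through a prepared statement. It assumes a PDO connection $db; the table and column names are placeholders.

```php
<?php
declare(strict_types=1);

// Accept only what a username legitimately needs. Anything else is rejected
// outright, so there is no per-character blacklist to keep complete.
function is_valid_username(string $name): bool
{
    return preg_match('/^[A-Za-z0-9_]{3,32}$/', $name) === 1;
}

// PHP 5.x hosts often ran with magic_quotes_gpc on: every " and \ in GET/POST
// arrives as \" and \\. Strip that here, once, instead of filtering characters.
// (The function no longer exists in PHP 8, hence the guard.)
function raw_input(string $value): string
{
    return (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
        ? stripslashes($value)
        : $value;
}

// Look the user up with a bound parameter, so the username is never part of
// the SQL text regardless of which characters it contains.
// Table/column names are placeholders, not the site's real schema.
function find_user(PDO $db, string $name): ?array
{
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample inputs: the characters the thread reports as problematic.
$samples = ['Dan', "da'n", 'da"n', 'da\\n', 'dan_2010', '', 'ab'];
foreach ($samples as $s) {
    printf("%-12s %s\n", var_export($s, true), is_valid_username($s) ? 'accepted' : 'rejected');
}

// When echoing a value back into HTML (e.g. the Ajax business-name
// suggestions), encode for the HTML context rather than removing characters.
echo htmlspecialchars(raw_input('da"n'), ENT_QUOTES, 'UTF-8'), "\n";
```

Rejected inputs should get a clear validation message rather than a redirect to the host's 403 page, so the cause of a failed form submission is visible to the user.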