Finding vulnerabilities in code?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.


Mattachoo
Forum Newbie
Posts: 5
Joined: Fri Feb 20, 2009 12:48 pm

Finding vulnerabilities in code?

Post by Mattachoo »

My brother works for a company as a graphic designer. A few years ago, I helped him out with the website by doing the PHP for it so he could add new information dynamically using PHP instead of uploading a new HTML file via FTP (The site gets updated almost every day).
He got an email today from the host that a phishing site had been installed on the server. The page looked like a legit log-in screen for a bank, but it stole your information instead. He now needs to go back through and look at the code on the site to find the vulnerability that allowed this malicious user to place this malicious code on the site in the first place.

Now I made this site a while ago, and didn't know anything about security much then and don't know too much about it now either. So my question to you guys is, what should I look for? Where might this vulnerability be? Would it be only when I submit forms, or when a form has someone upload information from their harddrive to the server? What might these people have been able to exploit?

Keep in mind the malicious user was able to create a whole directory and upload these scripts to that directory. Any help pointing me in the right direction would be helpful. What to look for, how someone might do this, etc.

Thanks for the help.
Darhazer
DevNet Resident
Posts: 1011
Joined: Thu May 14, 2009 3:00 pm
Location: HellCity, Bulgaria

Re: Finding vulnerabilities in code?

Post by Darhazer »

If you are allowing a file upload, that's the first point to check. If a user can upload a single PHP / some CGI script, then he can do anything!

If you use eval() or you are including pages whose names are passed in the request (index.php?page=news), that's also a point you have to secure.

You have to check every line that deals with the database to ensure there is no SQL injection vulnerability, but probably this is not connected with the uploaded file (or do you store images in the database?) so this is the second stage.

You also have to sanitize all output to clear XSS vulnerabilities. But most important is to identify where the file came from, so first check your file uploads.
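As an added example (not code from this thread or the site being discussed), here is how the two patterns Darhazer names first, a request-driven include and an image upload, can be hardened in PHP 7+. The page map, the `$uploadDir` path and the `image` form field are assumptions.

```php
<?php
// Added example, not from the original thread. $pages, $uploadDir and the
// 'image' field name are assumptions.

// 1. Page include driven by the request: never build the path from the raw
//    parameter. Map the parameter onto a fixed allowlist instead.
function includePage(string $requested): void
{
    $pages = [
        'news'    => __DIR__ . '/pages/news.php',
        'contact' => __DIR__ . '/pages/contact.php',
    ];
    // Unknown values fall back to a safe default, so "../" paths or
    // remote URLs never reach include().
    $file = $pages[$requested] ?? $pages['news'];
    include $file;
}

// 2. Image upload: allowlist the extension, verify the real content type,
//    give the file a random name and keep it outside the web root so nothing
//    the uploader controls can be executed as PHP.
function storeUploadedImage(array $upload, string $uploadDir): ?string
{
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($upload['tmp_name'])) {
        return null;
    }
    $allowed = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];
    $ext = strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null; // .php, .phtml, .cgi and double extensions are all rejected
    }
    // Check the file bytes, not the client-supplied name or $_FILES['type'].
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($upload['tmp_name']) !== $allowed[$ext]) {
        return null;
    }
    // Random name: the uploader chooses neither the filename nor the directory.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($upload['tmp_name'], $dest)) {
        return null;
    }
    return $name; // serve it later via a script that reads from $uploadDir
}

includePage($_GET['page'] ?? 'news');
if (isset($_FILES['image'])) {
    // Assumed directory outside the document root, not served directly.
    storeUploadedImage($_FILES['image'], '/var/www/private_uploads');
}
```

Keeping uploads outside the web root matters as much as the checks: even a file that passes validation should never be reachable at a URL the web server would hand to the PHP interpreter.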
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Re: Finding vulnerabilities in code?

Post by matthijs »

What scripts do you have on his site? Have you used any third party scripts (like a form script or cms)? What scripts have you written yourself?

What Darhazer said. A single unfiltered/unescaped variable can be enough to allow a malicious person to do harm.

But you also have to consider the security of your own computer. It's also possible you got infected with a keylogger or something and your FTP credentials or server login details have been stolen.