PHP Developers Network
http://forums.devnetwork.net/

Stress From Outsourced Work
http://forums.devnetwork.net/viewtopic.php?f=34&t=135530
Page 1 of 1

Author:  dcblair [ Thu May 03, 2012 12:50 pm ]
Post subject:  Stress From Outsourced Work

Hi all. I think I need some serious help. I went on one of those freelance sites and got someone to build a site for me. I spent hundreds of dollars for the site. After I got it, I decided to use w3af to scan my site to see if it was vulnerable to anything. Lo and behold it was vulnerable to XSS, XSRF, REDOS. I identified three (3) PHP files which had these issues. What can I do to remove these vulnerabilities? If so, can someone please show me how? I have included the code in one of these files in hopes that it can be fixed. Thanks.

<?php include "include/top_header.php"; ?>

<div class="middlePartArea">
                        <div class="middleLeftPart">
                     
                     <?php /*?> <?php include "include/banner.php"; ?><?php */?>
                        <div class="middleNavigationPart">
                        <?php
                                                if(isset($com_msg) && $com_msg == 'Thanks! for registration'){
                                                ?>
                        <div style="color:#5d9b0d; font:bold 13px/22px Arial, Helvetica, sans-serif;">
                                                        <?php echo isset($com_msg) ? $com_msg : '';?> </div>
                        <?php /*?><?php if(isset($_REQUEST['applysubmit']) && $_REQUEST['applysubmit'] == 'submit'){?> <?php */?>
                         <?php }else{?>
                                <div style="color:#FF0000; font:bold 13px/22px Arial, Helvetica, sans-serif;">
                                                        <?php echo isset($com_msg) ? $com_msg : '';?> </div>  
                            <?php }?>  
                                                        <form action="comregins.php" method="post" enctype="multipart/form-data" onSubmit="return com_valid();">
                             
                             <div class="secformArea">
                                <div class="secformAreaTxt"><span style="color:#FF0000;">*</span>Company Name:</div>
                                <div class="secformAreaFeild"><input type="text" name="com_name" id="com_name" class="secformAreaFeildtxtValue" ></div>
                             </div>
                             
                             <div class="secformArea">
                                <div class="secformAreaTxt">Image:</div>
                                <div class="secformAreaFeild"><input name="com_image" type="file" id="image" size="33">
                               </div>
                             </div>
                           
                              <div class="secformArea">
                                <div class="secformAreaTxt">Website Address:</div>
                                <div class="secformAreaFeild"><input type="text" name="com_website" id="com_website" class="secformAreaFeildtxtValue" ></div>
                             </div>
                             
                              <div class="secformArea">
                                <div class="secformAreaTxt"><span style="color:#FF0000;">*</span>Category:</div>
                               <?php
                                                            $cat_sql = 'select * from baby_categories';
                                                                $cat_query = mysql_query($cat_sql);
                                                                ?>
                                <div class="secformAreaFeild">
                                <select name="com_cat" id="com_cat" class="secformAreaTxtlistvalue">
                                <option value="">Select Caretype</option>
                                 <?php while($cat_rows = mysql_fetch_array($cat_query)){?>
                                <option value="<?php echo $cat_rows['cat_id'];?>"><?php echo $cat_rows['cat_name'];?></option>
                                <?php }?>
                                </select>
                                </div>
                             </div>
                             
                             <div class="secformArea">
                                <div class="secformAreaTxt">Sub Category:</div>
                                <div class="secformAreaFeild" id="com_subCatList">
                               
                                </div>
                             </div>
                             
                             <div class="secformArea">
                                <div class="secformAreaTxt"><span style="color:#FF0000;">*</span>Rate Type:</div>
                                <div class="secformAreaFeild">
                                                        <select name="com_ratetype" id="com_ratetype" class="secformAreaTxtlistvalue">
                                                        <option value="">Select Type</option>
                                            <option value="hours">Hours</option>
                                            <option value="daily">Daily</option>
                                            <option value="weekly">Weekly</option>
                                            <option value="monthly">Monthly</option>
                                            <option value="yearly">Yearly</option>
                                            </select>
                               </div>
                             </div>
                             
                             <div class="secformArea">
                                <div class="secformAreaTxt"><span style="color:#FF0000;">*</span>Rate Amount:</div>
                                <div class="secformAreaFeild"><input type="text" name="com_rateamount" id="com_rateamount" class="secformAreaFeildtxtValue" ></div>
                             </div>
                             
                             <div class="secformArea">
                                <div class="secformAreaTxt">Year of Experience:</div>
                                <div class="secformAreaFeild"><input type="text" name="com_exp" id="com_exp" class="secformAreaFeildtxtValue" ></div>
                             </div>
                             
                             <div class="secformArea">
                             <div class="secformAreaTxt">Establish Date:</div>
                                <div class="secformAreaFeild">
                                <select name="dob_year" id="dob_year" class="liDateValue list3" style="margin:0 13px 0 0;">
                                <option value="">Year</option>
                                <?php
                                for($i=2014;$i>=1950;$i--){
                                ?>
                                <option value="<?php echo $i;?>"><?php echo $i;?></option>
                                <?php }?>
                                </select>
                                <select name="dob_month" id="dob_month" class="liDateValue list3" style="margin:0 13px 0 0;">
                                <option value="">Month</option>
                                <?php
                                $month = array('January','February','March','April','May','June','July','August','September','October','November','December');
                                $i = 1;
                                foreach($month as $val){
                                ?>
                                <option value="<?php echo $i;?>"><?php echo $val;?></option>
                                <?php
                                $i++;
                                }?>
                                </select>
                                <select name="dob_date" id="dob_date" class="liDateValue list3">
                                <option value="">Date</option>
                                <?php
                                for($i=1;$i<=31;$i++){
                                ?>
                                <option value="<?php echo $i;?>"><?php echo $i;?></option>
                                <?php }?>
                                </select>
                                </div>
                             </div>
                             
                             <div class="secformArea">
                                <div class="secformAreaTxt"><span style="color:#FF0000;">*</span>About Company:</div>
                                <div class="secformAreaFeild"><textarea name="com_aboutyourself" id="com_aboutyourself" class="secformAreaTxtAreavalue"></textarea></div>
                             </div>
                             
                             
                             <?php
                             /* These hidden fields echo request parameters straight back into
                                value attributes with no htmlspecialchars() call: this is the
                                reflected XSS the scanner reported. The password is also being
                                round-tripped through the browser in the page source. */
                             ?>
                             <input type="hidden" name="com_uname" value="<?php echo $_REQUEST['com_uname'];?>">
                             <input type="hidden" name="com_pwd" value="<?php echo $_REQUEST['com_pwd'];?>">
                             <input type="hidden" name="com_email" value="<?php echo $_REQUEST['com_email'];?>">
                             <input type="hidden" name="com_contact" value="<?php echo $_REQUEST['com_contact'];?>">
                             <input type="hidden" name="com_street" value="<?php echo $_REQUEST['com_street'];?>">
                             <input type="hidden" name="com_parish_name" value="<?php echo $_REQUEST['com_parish_name'];?>">
                                                                               
                             <div class="sbtninform">
                               <input type="submit" name="comregsubmit" value="Submit" class="sbtninformValue" >
                             </div>
                             </form>    
                                                        <?php /*?><?php }else{
                                                        echo 'Premilinary Registration is Required!';
                                                        }?><?php */
?>
                        </div>
                    </div>
                    <?php include "include/google_panel.php"; ?>
                </div>
            </div>
        </div>
                <div class="bottomInnerPartBg"></div>
        </div>
   
   <div id="fundotransparente3"></div>
<div id="website3" style="z-index:99; position:fixed; *position:absolute; width:370px; display:none; background:#FFCC00; border:3px solid #000;">
    <div class="login-panel2">
     <div id="message" class="inputBox1"></div>
        <form action="" method="post" class="login-form2">
            <h2>Profile Info</h2>
            <div><?php echo $family_row['family_email'];?></div>
            <div><input name="fam_contact" id="fam_contact" type="text" value="<?php echo $family_row['family_contactno'];?>" class="login-input"  onblur="if(this.value=='') this.value='Contact No'" onfocus="if(this.value=='Contact No') this.value=''"/></div>
            <div><input name="fam_fname" id="fam_fname" type="text" value="<?php echo $family_row['family_fname'];?>" class="login-input"  onblur="if(this.value=='') this.value='FirstName'" onfocus="if(this.value=='FirstName') this.value=''"  /></div>
            <div><input name="fam_lname" id="fam_lname" type="text" value="<?php echo $family_row['family_lname'];?>" class="login-input"  onblur="if(this.value=='') this.value='LastName'" onfocus="if(this.value=='LastName') this.value=''"  /></div>
            <div><input name="fam_streetname" id="fam_streetname" type="text" value="<?php echo $family_row['family_streetname'];?>" class="login-input"  onblur="if(this.value=='') this.value='StreetName'" onfocus="if(this.value=='StreetName') this.value=''"  /></div>
            <div><input name="fam_parish" id="fam_parish" type="text" value="<?php echo $family_row['family_parish'];?>" class="login-input"  onblur="if(this.value=='') this.value='ParishName'" onfocus="if(this.value=='ParishName') this.value=''"  /></div>
            <div><input name="fam_number" id="fam_number" type="text" value="<?php echo $family_row['family_number'];?>" class="login-input"  onblur="if(this.value=='') this.value='Children Number'" onfocus="if(this.value=='Children Number') this.value=''"  /></div>
            <input type="hidden" name="familyid" id="familyid" value="<?php echo $family_row['family_id'];?>">
            <div><input name="editfamilysubmit" type="submit" value="Submit" class="login-button" />
            </div>
        </form>
    </div>
<img src="images/close.png" border="0" style=" display: inline; z-index: 3200; position: absolute; top:10px; left:10px; cursor: pointer;">
</div>
 
 <div id="website4" style="z-index:99; position:fixed; *position:absolute; width:370px; display:none; background:#FFCC00; border:3px solid #000;">
    <div class="login-panel2">
    <div id="message" class="inputBox1"></div>
        <form action="" method="post" class="login-form2">
            <h2>Profile Info</h2>
           
            <div><input name="Sit_fname" id="Sit_fname" type="text" value="<?php echo $sitter_row['sitter_fname'];?>" class="login-input"  onblur="if(this.value=='') this.value='FirstName'" onfocus="if(this.value=='FirstName') this.value=''"  /></div>
            <div><input name="sit_lname" id="sit_lname" type="text" value="<?php echo $sitter_row['sitter_lname'];?>" class="login-input"  onblur="if(this.value=='') this.value='LastName'" onfocus="if(this.value=='LastName') this.value=''"  /></div>
            <div><?php echo $sitter_row['sitter_email'];?></div>
            <div><input name="sit_street" id="sit_street" type="text" value="<?php echo $sitter_row['sitter_streetname'];?>" class="login-input"  onblur="if(this.value=='') this.value='StreetName'" onfocus="if(this.value=='StreetName') this.value=''"  /></div>
            <div><input name="sit_city" id="sit_city" type="text" value="<?php echo $sitter_row['sitter_city'];?>" class="login-input"  onblur="if(this.value=='') this.value='City'" onfocus="if(this.value=='City') this.value=''"/></div>
            <div><input name="sit_phno" id="sit_phno" type="text" value="<?php echo $sitter_row['sitter_contactno'];?>" class="login-input"  onblur="if(this.value=='') this.value='Phone Number'" onfocus="if(this.value=='Phone Number') this.value=''"  /></div>
            <div><input name="sit_exp" id="sit_exp" type="text" value="<?php echo $sitter_row['sitter_exp'];?>" class="login-input"  onblur="if(this.value=='') this.value='Experience'" onfocus="if(this.value=='Experience') this.value=''"  /></div>
            <div><input name="sit_certf" id="sit_certf" type="text" value="<?php echo $sitter_row['sitter_certification'];?>" class="login-input"  onblur="if(this.value=='') this.value='Certification'" onfocus="if(this.value=='Certification') this.value=''"  /></div>
            <div><input name="sit_qualf" id="sit_qualf" type="text" value="<?php echo $sitter_row['sitter_qualification'];?>" class="login-input"  onblur="if(this.value=='') this.value='Qualification'" onfocus="if(this.value=='Qualification') this.value=''"  /></div>
            <div><input name="sit_lang" id="sit_lang" type="text" value="<?php echo $sitter_row['sitter_language'];?>" class="login-input"  onblur="if(this.value=='') this.value='Language Known'" onfocus="if(this.value=='Language Known') this.value=''"  /></div>
            <div><input name="sit_rate" id="sit_rate" type="text" value="<?php echo $sitter_row['sitter_rate'];?>" class="login-input"  onblur="if(this.value=='') this.value='Rate'" onfocus="if(this.value=='Rate') this.value=''"  /></div>
            <div><select name="sit_cat" id="sit_cat">
                <option value="">select category</option>
                <?php
                // $cat_query was already read to the end by the loop in the company
                // form above; rewind it, otherwise this select renders with no categories.
                if($cat_query && mysql_num_rows($cat_query) > 0){ mysql_data_seek($cat_query, 0); }
                while($cat_rows=mysql_fetch_array($cat_query)){ ?>
                <option value="<?php echo $cat_rows['cat_id']; ?>" <?php if($cat_rows['cat_id']==$sitter_row['cat_id']){ echo "selected"; } ?>><?php echo $cat_rows['cat_name']; ?></option>
                <?php } ?>
                </select></div>
            <div><input name="sit_parish" id="sit_parish" type="text" value="<?php echo $sitter_row['sitter_parish'];?>" class="login-input"  onblur="if(this.value=='') this.value='ParishName'" onfocus="if(this.value=='ParishName') this.value=''"  /></div>
            <input type="hidden" name="sitterid" id="sitterid" value="<?php echo $sitter_row['sitter_id'];?>">
            <div><input name="editsittersubmit" type="submit" value="Submit" class="login-button" />
            </div>
        </form>
    </div>
<img src="images/close.png" border="0" style=" display: inline; z-index: 3200; position: absolute; top:10px; left:10px; cursor: pointer;">
</div>
 
 
<script type="text/javascript">
$(document).ready(function(){
        $('#com_cat').change(function(){
                var catID = $(this).val();
                var dataString = 'cate_id='+catID;
                //alert(dataString);
                $.ajax({
                        type : 'GET',
                        url  : 'comreg_ajax.php',
                        dataType : 'html',
                        data : dataString,
                        success : function(data){
                                $('#com_subCatList').html(data);
                        }
                });
        });
});
</script>  
   
<?php include "include/footer.php"; ?>
 

Author:  Benjamin [ Thu May 03, 2012 1:42 pm ]
Post subject:  Re: Stress From Outsourced Work

Well one thing is for sure, you certainly got what you paid for.

Author:  dcblair [ Thu May 03, 2012 2:27 pm ]
Post subject:  Re: Stress From Outsourced Work

Trust me. I expected that with the amount of money spent it would have at least been more secure. The site looks good but it is just totally insecure.

Author:  pickle [ Thu May 03, 2012 3:24 pm ]
Post subject:  Re: Stress From Outsourced Work

That was his point. Spending <i>only</i> hundreds of dollars on a site doesn't get you much. It sounds (and is) like a lot of money, but for a good quality (design, functionality, and security) site you need to spend thousands.

Back to your original question - we have no idea what those vulnerabilities are, or where they're located. Doing a full security audit & repair is something you should hire a company for.

Long story short - you're probably going to need to spend more money to get a secure site.

Author:  mikosiko [ Thu May 03, 2012 4:06 pm ]
Post subject:  Re: Stress From Outsourced Work

well... you can contact Mordred, one of the security gurus around here... and see if you can work out something with him

you can PM him or visit his website

Author:  dcblair [ Thu May 03, 2012 4:12 pm ]
Post subject:  Re: Stress From Outsourced Work

Thanks Pickle and Mikosiko

Author:  Mordred [ Fri May 04, 2012 2:39 am ]
Post subject:  Re: Stress From Outsourced Work

From the snippet shown here I can only extrapolate how bad things are elsewhere (as Benjamin said, you certainly got what you paid for): The code doesn't do much, so I can't comment on the database access for example, but it has multiple XSS with zero effort to protect against it so I guess it's that bad elsewhere as well.

What you should have done is demand a "guarantee" for the code security (every freelancer will happily announce he writes fast and secure code, let them live up to it) and then hire a security consultant and delay payment until all security problems are cleared. What would you say are your minimum security goals for the site?
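
As a concrete illustration of what Mordred means by "zero effort to protect against it", here is an added PHP example (not the thread's code and not the freelancer's code) showing the hardened form of the two patterns in dcblair's snippet that w3af flagged: the hidden fields that echo $_REQUEST values raw into attributes (XSS), and a form with no anti-forgery token (XSRF). It assumes session_start() runs before any output, that the form still posts to comregins.php, and that category rows have been fetched into plain arrays (for instance with mysql_fetch_assoc); the helpers e(), csrf_token(), csrf_check(), hidden_field(), render_hidden_fields() and render_category_options() are names chosen for this example, and the sample input at the bottom is constructed.

```php
<?php
// Added example (not from the thread): hardened rendering of the hidden-field
// and <option> patterns from the posted comreg form. Needs PHP 5.6+ for
// hash_equals() and PHP 7+ for random_bytes(); on older PHP substitute
// openssl_random_pseudo_bytes() and a constant-time compare of your own.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Escape a value for an HTML attribute or text node. ENT_QUOTES covers both
// quote styles, so a quote in the value can never close the attribute early.
function e($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Issue (or reuse) a per-session anti-CSRF token.
function csrf_token()
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Verify the token that came back with a POST; hash_equals() avoids a
// timing side channel on the comparison.
function csrf_check($posted)
{
    return isset($_SESSION['csrf_token'], $posted)
        && hash_equals($_SESSION['csrf_token'], (string) $posted);
}

// One hidden field with both name and value escaped. The original wrote
// $_REQUEST[...] straight into value="", which is the reflected XSS sink.
function hidden_field($name, $value)
{
    return '<input type="hidden" name="' . e($name) . '" value="' . e($value) . '">' . "\n";
}

// The hidden block from the posted form, plus the CSRF token. The password
// is deliberately left out: carrying it through a hidden field exposes it in
// the page source, so the handler should read it from the session instead
// (assumption: the preliminary registration step stored it there).
function render_hidden_fields(array $request)
{
    $html = hidden_field('csrf_token', csrf_token());
    $names = array('com_uname', 'com_email', 'com_contact', 'com_street', 'com_parish_name');
    foreach ($names as $name) {
        $html .= hidden_field($name, isset($request[$name]) ? $request[$name] : '');
    }
    return $html;
}

// <option>s for the category select. Rows come from the database, but the
// database is not a trusted source either (stored XSS), so they get the same
// escaping as request input.
function render_category_options(array $rows, $selected = null)
{
    $html = '<option value="">Select Caretype</option>' . "\n";
    foreach ($rows as $row) {
        $attr = ((string) $row['cat_id'] === (string) $selected) ? ' selected' : '';
        $html .= '<option value="' . e($row['cat_id']) . '"' . $attr . '>'
               . e($row['cat_name']) . "</option>\n";
    }
    return $html;
}

// What comregins.php should do first, before it touches the database:
//   if (!csrf_check(isset($_POST['csrf_token']) ? $_POST['csrf_token'] : null)) {
//       header('HTTP/1.1 403 Forbidden');
//       exit;
//   }

// Constructed sample input standing in for $_REQUEST and for the rows of
// baby_categories; the characters chosen exercise every escape in e().
$sample_request = array('com_uname' => "O'Brien & Sons <Ltd>", 'com_email' => 'info@example.test');
$sample_rows    = array(
    array('cat_id' => 1, 'cat_name' => 'Nanny "live-in"'),
    array('cat_id' => 2, 'cat_name' => 'After-school'),
);
echo render_hidden_fields($sample_request);
echo render_category_options($sample_rows, 2);
```

Two things to carry over to the other files the scan flagged: every echo of a request parameter, a session value or a database column into HTML goes through e() (or htmlspecialchars with the same arguments), and every state-changing form carries the token and every handler rejects the request when csrf_check() fails. Neither change affects what the site looks like, which matters when the developer has already been paid.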

Author:  x_mutatis_mutandis_x [ Fri May 04, 2012 9:30 am ]
Post subject:  Re: Stress From Outsourced Work

Also, next time when you hire a freelancer make sure you interview him/her. If he/she has used OOP methodologies/framework before, if he/she is aware of form-validations, SQL injections, XSS vulnerability, magic quotes etc. and how he/she would develop/debug the code to make sure proper security measures are taken, if they have done any unit testing, and have any test cases properly documented for you to verify. And I agree with Mordred, do not pay them until their work is satisfactory to your standards (remember you are the boss here).

Author:  dcblair [ Fri May 04, 2012 4:10 pm ]
Post subject:  Re: Stress From Outsourced Work

Yea, I certainly learnt from this mistake. I foolishly paid the guy already :oops: and he claims he does not know how to make it any more secure and was even looking to me for advice on how to make it secure :crazy:

I certainly got what I paid for. Hopefully, I can get these issues sorted out before I take it live.

All times are UTC - 5 hours
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/