Examples: Insecure Guestbook Application

Disclamer

The following example is an application that is very unstable and dangerous. It is deactivated on my production server and does only work on my presentation server. If you install this application on a server, take care to prevent any access to this server from the internet. It is a major security issue to let anybody access this server!

Presentation of the application

This application is a guestbook with some advanced features. The application works but has been written by a very bad programmer (me). So it contains the 10 most present security vulnerability.

Test the application

Live Demo (only on my Laptop)

Interesting files in the project

The following files are part of this small project and can be of interest:

index.php the main file containing all the program.
connect.php the file used to connect the database (this file is loaded inside the index.php).
guestbook.css the style file
english.php contains the translation of the terms used in the application (which is i18nised). You have aslo:french.php and german.php
guestbook.sql the mysql dump of the database used for this application

Install a version locally

Dowload this application as a zip file: guestbook.zip
Unzip this file in the htdocs directory of your apache server (the one you had to install for your Web Programming course).
Create a Database, import the sql instructions in your DB: guestbook.sql
Configure the file connect.php in order to meet the config of your DB.
In order to install the application on your server, you have to remove the security feature I installed. That means, in the first lines of the file index.php, uncomment the line $production_site = 0; and comment the line require_once('../../../mylib.php');. The rest should work if you configure the file connect.php.
Now it should work. Enjoy, and don't forget to protect yourself!