Examples: Insecure Guestbook Application


Disclaimer

The following example is an application that is very unstable and dangerous. It is deactivated on my production server and only works on my presentation server. If you install this application on a server, make sure that the server cannot be reached from the internet. Letting anybody access this server is a major security issue!


Presentation of the application

This application is a guestbook with some advanced features. The application works, but it has been written by a very bad programmer (me), so it contains the 10 most common security vulnerabilities.

Test the application

Live Demo (only on my Laptop)

Interesting files in the project

The following files are part of this small project and can be of interest:

Install a version locally

Download this application as a zip file: guestbook.zip
Unzip this file in the htdocs directory of your Apache server (the one you had to install for your Web Programming course).
Create a database and import the SQL statements from guestbook.sql into it.
Configure the file connect.php so that it matches the configuration of your DB.
To install the application on your server, you have to remove the security feature I installed: in the first lines of the file index.php, uncomment the line $production_site = 0; and comment out the line require_once('../../../mylib.php');. The rest should work once connect.php is configured.
Now it should work. Enjoy, and don't forget to protect yourself!
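One way to follow the warning above and keep the guestbook reachable only from the machine it runs on, as an added example that is not part of the original project: an Apache 2.4 configuration fragment for the directory the zip was unpacked into (the path /var/www/htdocs/guestbook and the file-name patterns are assumptions).

```apache
# Added example, not part of the guestbook project.
# Assumed install path: the directory the zip was unpacked into under htdocs.
<Directory "/var/www/htdocs/guestbook">
    # Apache 2.4 syntax: answer only requests coming from the server itself
    # (127.0.0.0/8, ::1 or the server's own address). Anything else gets 403.
    Require local

    # Defence in depth: never serve a raw SQL dump or an editor/backup copy of
    # connect.php (connect.php~, connect.php.bak ...) if one ends up in the tree.
    <FilesMatch "\.(sql|bak|old|orig)$|~$">
        Require all denied
    </FilesMatch>
</Directory>
```

Place the fragment in the virtual host (or in an .htaccess file in that directory if AllowOverride permits it), reload Apache, and confirm from another host that the application answers 403 before handing the server to anyone.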