Examples: Insecure Guestbook Application
Disclaimer
The following example is an application that is very unstable and dangerous. It is deactivated on my production server and only works on my presentation server. If you install this application on a server, take care to prevent any access to this server from the internet. It is a major security issue to let anybody access this server!
Presentation of the application
This application is a guestbook with some advanced features. The application works, but it has been written by a very bad programmer (me), so it contains the 10 most common security vulnerabilities.
Test the application
Interesting files in the project
The following files are part of this small project and can be of interest:
- index.php: the main file, containing the whole program.
- connect.php: the file used to connect to the database (it is loaded from index.php).
- guestbook.css: the style sheet.
- english.php: contains the translation of the terms used in the application (which is internationalised). There are also french.php and german.php.
- guestbook.sql: the MySQL dump of the database used for this application.
Install a version locally
Download this application as a zip file: guestbook.zip
Unzip this file in the htdocs directory of your Apache server (the one you had to install for your Web Programming course).
Create a database and import the SQL instructions into it: guestbook.sql
Configure the file connect.php to match the configuration of your database. In order to install the application on your server, you also have to remove the security feature I installed: in the first lines of the file index.php, uncomment the line $production_site = 0; and comment out the line require_once('../../../mylib.php');. The rest should work once connect.php is configured. Now it should work. Enjoy, and don't forget to protect yourself!
Contact
Prof. Dr. Emmanuel Benoist
Berner Fachhochschule - TI
Quellgasse 21
CH-2501 Biel/Bienne
Switzerland
Mail: emmanuel.benoist (at) bfh.ch