Posts

Showing posts with the label xss

PHP Source Code Chunks of Insanity (Logins Pages) Part 1

Intro

This post talks about source code review of PHP and demonstrates how a relatively small chunk of code can cause you lots of problems.

The Code

In this article we are going to analyze the code displayed below. It might seem innocent to some, but it obviously is not. We are going to assume that it is used by some web site to validate credentials and allow users to log in.

    <?php
    require_once 'commonFunctionality.php';

    if (validateCredentials($someUsername, $somePassword)) {
        header('Location: myIndex.php');
    } else {
        header('Location: wrong_login.php');
    }
    ?>

If you look carefully at the code you will see that it is vulnerable to the following issues:

- Reflected/Stored XSS
- Session Fixation/Session Hijacking
- Lock Out Mechanism Not In Place

Think this is not accurate? Think again.

Session Fixation/Session Hijacking

An adversary may on purpo...

Clickalicious Candies...

Introduction

This article is written by me to show that clickjacking should not be underestimated as a vulnerability, especially when combined with other vulnerabilities. Clickjacking (user interface redress attack) is a malicious technique of tricking a web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. That is good in theory, but how can someone do that in practice? The answer is simple, ridiculously easy... Even a script kiddie can become a "hacker" con artist when combining vulnerabilities. In this post I am going to show how a simple CSRF attack can actually be combined with a clickjacking attack; of course, the same thing can happen with vulnerabilities such as session fixation and XSS.

The Clickalicious Attack

In order to perform the attack we would have to be based in the follo...