Tag Archives: Wisdom

Being smart about testing your application

Posted in Application Support, Infosec, Web App Security by

This is just going to be a short writeup on something I figure was worth mentioning. While going through pastebin I found the following entry  3 seconds after it was posted–> http://pastebin.com :

<?php

include ‘top.php’;

include ‘submenuhonorshall.php’;

/*SELECT * FROM TABLE WHERE field =

*/

$db = ‘gnemi_addison’;

mysql_connect(“gnemi.php-corner.com”, “gnemi_root”, “ignurupi87”) or die(mysql_error());

mysql_select_db($db) or die(mysql_error());

?>

<div id=”content”>

<h1>Honors Hall Library</h1>

<form method=”post”>

<p class=”norm”>

<select name=”searchby”>

<option value=”Author_First_Name”>Author First Name</option>

<option value=”Author_Last_Name” selected=”selected”>Author Last Name</option>

<option value=”Title”>Title</option>

</select>

<input type=”text” name=”query” />

<input type=”submit” value=”Submit!” />

</p>

</form>

<?php

$result = mysql_query(“SELECT * FROM `library` WHERE `'” . $_POST[‘searchby’] . “‘` = ‘” . $_POST[‘query’] . “‘ ORDER BY `Title` LIMIT 20”);

while ($row = mysql_fetch_array($result))

{

echo $row[‘Last Name’] . $row[‘First Name’] . $row[‘Title’] .$row[‘inout’];

}

?>

<?php

include ‘../address.php’;

include ‘../phptemplates/bottomhall.php’;

?>

Now to the average person that’s not a big deal, but to me after looking at that bit of php code the following questions came to mind:

  • Would I find anything useful if I were to Google the various pages referenced in that code or maybe the domain “gnemi.php-corner.com”?
  • What if I ran a whois lookup against that domain what would I find?
  • What if I Google the email addresses associated with that domain?
  • And most importantly are the username and password referenced stilling being used currently?
  • Are those tables and DB name real or just test names?
  • Would I find anything interesting if I were to crawl that website?

Now a simple whois returned a valid email address along with some other useful information:

And just out of curiosity after visiting http://gnemi.php-corner.com/godWindow/ I was presented with the following:

Now I ***DID NOT LOGIN*** I repeat  ***DID NOT LOGIN*** so I don’t know if those credential are valid BUT what if the were? I am hoping for this person’s sake all of the above information is just for testing purposes but what if its no? Sanitizing all valid  information before posting it would have been nice.