[WEB SECURITY] Re: "hack-me" Ajax apps?
- From: Andrew van der Stock <vanderaj@xxxxxxxxxx>
- Subject: [WEB SECURITY] Re: "hack-me" Ajax apps?
- Date: Mon, 21 Aug 2006 21:48:00 +1000
--Apple-Mail-1--387462432
Content-Transfer-Encoding: 7bit
Content-Type: text/php;
x-unix-mode=0664;
name=ajax_admin.php
Content-Disposition: attachment;
filename=ajax_admin.php
<?php
/*
* Admin Ajax demo. Do not use on real production systems.
*/
require ("Sajax.php");
/*
* do_admin - if the user is an admin, drop the database
*/
/*
 * do_admin - if the user is an admin, drop the database.
 *
 * $isAdmin: the admin flag as sent by the client with the request.
 * Returns a short status string that the page writes into its status area.
 *
 * The authorization decision here rests entirely on a value the caller
 * supplies; nothing is checked against server-side state. That is the
 * weakness this demo is built to show (ajax_admin2.php keeps the flag in
 * the session instead).
 */
function do_admin($isAdmin)
{
    if (!$isAdmin)
    {
        return "Not authorized";
    }
    // mysql->query("DROP DATABASE foo");
    return "Destroyed database";
}
/*
* login - try to log the user in
*
* NB: fixed password here for demo only.
*/
/*
 * do_login - try to log the user in.
 *
 * $username, $password: credentials as sent by the client.
 * Returns array(0 => admin flag, 1 => username); the page keeps the flag
 * on the client side and sends it back with later calls.
 *
 * NB: fixed password here for demo only. The username is returned
 * unescaped, and the page writes it into innerHTML.
 */
function do_login($username, $password)
{
    $granted = ($username == 'admin' && $password == 'password'); // hard coded for fun
    return array(0 => $granted, 1 => $username);
}
// Sajax calls are sent over GET in this version, so the username and
// password passed to do_login presumably travel in the query string
// (browser history, proxy and server logs). ajax_admin2.php uses POST.
$sajax_request_type = "GET";
sajax_init();
// Only these two functions are reachable from the client.
sajax_export("do_admin", "do_login");
// Handles an incoming Sajax call, if this request is one, before the page
// below is rendered.
sajax_handle_client_request();
?>
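<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- the opening html tag was missing (only </html> was present) -->
<html lang="en">
<head>
<title>Ajax Admin</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">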
<script type="text/javascript">
<?php
// Emits the Sajax client-side stubs for the exported functions
// (presumably the x_do_admin / x_do_login wrappers called below).
sajax_show_javascript();
?>
</script>
<script type="text/javascript">
// Client-side copy of the admin flag. In this version it is the only thing
// sent to the server to authorize do_admin, and the server trusts whatever
// value arrives — the flaw this demo exists to show. ajax_admin2.php drops
// it in favour of the session.
var isAdmin = false;
// Callback for the drop-database call: re-enables login, disables the
// now-pointless database button, shows the server's message and forgets
// the client-side admin flag.
function drop_database_cb(inMessage)
{
    var form = document.admin_form;
    form.login.disabled = false;
    form.drop_database.disabled = true;
    document.getElementById("admin").innerHTML = inMessage;
    isAdmin = false;
}
// Shows a progress message, then asks the server to drop the database.
// The page's own isAdmin flag is sent along; in this version the server
// simply believes it.
function do_drop_database()
{
    var status = document.getElementById("admin");
    status.innerHTML = "Processing query";
    x_do_admin(isAdmin, drop_database_cb);
}
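// Callback for the login call. inSuccessArr[0] is the admin flag,
// inSuccessArr[1] the username as the server echoed it.
// isAdmin is the page-level flag that do_drop_database sends back to the
// server, so it is deliberately left global.
function login_cb(inSuccessArr)
{
    isAdmin = inSuccessArr[0];
    // Was assigned without var (an implicit global); only needed here.
    var inAsUser = inSuccessArr[1];
    var status = document.getElementById("admin");
    if (isAdmin)
    {
        document.admin_form.drop_database.disabled = false;
        // innerHTML with a server-echoed string: this version escapes
        // nothing on either side, which is part of what the demo shows.
        status.innerHTML = "Logged in as " + inAsUser;
    }
    else
    {
        document.admin_form.login.disabled = false; // let the user try again
        status.innerHTML = "Could not log in as " + inAsUser;
    }
}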
// Reads the credentials, clears both fields, locks the login button until
// the server answers, then sends the login call.
function do_login()
{
    var userField = document.getElementById("username");
    var passField = document.getElementById("password");
    var username = userField.value;
    var password = passField.value;
    userField.value = "";
    passField.value = "";
    document.admin_form.login.disabled = true;
    x_do_login(username, password, login_cb);
}
// Initial page state: login allowed, database button locked, status text
// reset. Run from the body's load handler.
function init_form()
{
    var form = document.admin_form;
    form.login.disabled = false;
    form.drop_database.disabled = true;
    document.getElementById("admin").innerHTML = "Not logged in";
}
</script>
</head>
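<body onload="init_form();">
<!-- onsubmit used to call login(), which does not exist: pressing Enter in a
     field threw and fell through to a real submit of the form. -->
<form name="admin_form" action="#" onsubmit="do_login(); return false;">
<b>
<a href="http://www.modernmethod.com/sajax">Sajax</a>
v<?php echo $sajax_version; ?>
</b>
-
<br>
<br>
<strong>Admin pages</strong>
<br>
<br>Please login:
<br>
<label for="username">Username</label>
<input type="text" name="username" id="username" value="" style="width:130px;" autocomplete="username">
<label for="password">Password</label>
<input type="password" name="password" id="password" value="" style="width:300px;" autocomplete="current-password">
<input type="button" name="login" value="Login" onclick="do_login(); return false;">
<br>
<br>
<div id="status">
<input type="button" name="drop_database" value="Delete database" onclick="do_drop_database();">
</div>
<div id="admin">Idle</div>
</form>
</body>
</html>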
--Apple-Mail-1--387462432
Content-Transfer-Encoding: 7bit
Content-Type: text/php;
x-unix-mode=0664;
name=ajax_admin2.php
Content-Disposition: attachment;
filename=ajax_admin2.php
<?php
/*
* Admin Ajax demo. Do not use on real production systems.
*/
// The session is the only place the admin flag lives in this version; make
// sure the key exists so later reads do not warn.
session_start();
$_SESSION['admin'] = isset($_SESSION['admin']) ? $_SESSION['admin'] : false;
require ("Sajax.php");
/*
* do_admin - if the user is an admin, drop the database
*/
/*
 * do_admin - if the user is an admin, drop the database.
 *
 * Authorization comes from the server-side session flag set by do_login,
 * not from anything the client sends. Either branch clears the flag, so a
 * single login buys a single call.
 * Returns a short status string that the page writes into its status area.
 *
 * NOTE(review): no anti-CSRF token is checked here; whether a cross-site
 * form POST can reach this through Sajax is not visible from this file.
 */
function do_admin()
{
    $allowed = $_SESSION['admin'];
    $_SESSION['admin'] = false;
    if (!$allowed)
    {
        return "Not authorized";
    }
    // mysql->query("DROP DATABASE foo");
    return "Destroyed database";
}
/*
* login - try to log the user in
*
* NB: fixed password here for demo only.
*/
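/*
 * do_login - try to log the user in.
 *
 * $username, $password: credentials as sent by the client.
 * Returns array(0 => admin flag, 1 => HTML-escaped username); login_cb on
 * the page writes element 1 into innerHTML.
 *
 * NB: fixed password here for demo only.
 */
function do_login($username, $password)
{
    // Any login attempt, successful or not, first drops existing privilege.
    $_SESSION['admin'] = false;
    // Strict comparison: the inputs are expected to be strings, and ===
    // avoids PHP's loose-equality surprises with non-string values.
    if ($username === 'admin' && $password === 'password') // hard coded for fun
    {
        $_SESSION['admin'] = true;
    }
    // Escape before returning, since the page puts this straight into
    // innerHTML. The charset name is 'UTF-8'; the original 'UTF_8' is not
    // a name htmlentities recognises.
    return array(0 => $_SESSION['admin'], 1 => htmlentities($username, ENT_QUOTES, 'UTF-8'));
}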
// Sajax calls go over POST here (ajax_admin.php used GET), so the
// credentials passed to do_login are presumably carried in the request
// body rather than the query string.
$sajax_request_type = "POST";
sajax_init();
// Only these two functions are reachable from the client.
sajax_export("do_admin", "do_login");
// Handles an incoming Sajax call, if this request is one, before the page
// below is rendered.
sajax_handle_client_request();
?>
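<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- the opening html tag was missing (only </html> was present) -->
<html lang="en">
<head>
<title>Ajax Admin</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">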
<script type="text/javascript">
<?php
// Emits the Sajax client-side stubs for the exported functions
// (presumably the x_do_admin / x_do_login wrappers called below).
sajax_show_javascript();
?>
</script>
<script type="text/javascript">
// Callback for the drop-database call: re-enables login, disables the
// now-pointless database button and shows the server's message. The
// session flag was cleared server-side, so there is no client state to reset.
function drop_database_cb(inMessage)
{
    var form = document.admin_form;
    form.login.disabled = false;
    form.drop_database.disabled = true;
    document.getElementById("admin").innerHTML = inMessage;
}
// Shows a progress message, then asks the server to drop the database.
// Nothing about privilege is sent; the server decides from its session.
function do_drop_database()
{
    var status = document.getElementById("admin");
    status.innerHTML = "Processing query";
    x_do_admin(drop_database_cb);
}
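// Callback for the login call. inSuccessArr[0] is the admin flag,
// inSuccessArr[1] the username as escaped by the server's htmlentities.
function login_cb(inSuccessArr)
{
    // Both were assigned without var (implicit globals); nothing else in
    // this file reads them, so they are local now.
    var isAdmin = inSuccessArr[0];
    var inAsUser = inSuccessArr[1];
    var status = document.getElementById("admin");
    if (isAdmin)
    {
        document.admin_form.drop_database.disabled = false;
        // innerHTML is kept on purpose: the server already entity-encodes
        // the username, so textContent would show the entities literally.
        status.innerHTML = "Logged in as " + inAsUser;
    }
    else
    {
        document.admin_form.login.disabled = false; // let the user try again
        status.innerHTML = "Could not log in as " + inAsUser;
    }
}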
// Reads the credentials, clears both fields, locks the login button until
// the server answers, then sends the login call.
function do_login()
{
    var userField = document.getElementById("username");
    var passField = document.getElementById("password");
    var username = userField.value;
    var password = passField.value;
    userField.value = "";
    passField.value = "";
    document.admin_form.login.disabled = true;
    x_do_login(username, password, login_cb);
}
// Initial page state: login allowed, database button locked, status text
// reset. Run from the body's load handler.
function init_form()
{
    var form = document.admin_form;
    form.login.disabled = false;
    form.drop_database.disabled = true;
    document.getElementById("admin").innerHTML = "Not logged in";
}
</script>
</head>
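<body onload="init_form();">
<!-- onsubmit used to call login(), which does not exist: pressing Enter in a
     field threw and fell through to a real submit of the form. -->
<form name="admin_form" action="#" onsubmit="do_login(); return false;">
<b>
<a href="http://www.modernmethod.com/sajax">Sajax</a>
v<?php echo $sajax_version; ?>
</b>
-
<br>
<br>
<strong>Admin pages</strong>
<br>
<br>Please login:
<br>
<label for="username">Username</label>
<input type="text" name="username" id="username" value="" style="width:130px;" autocomplete="username">
<label for="password">Password</label>
<input type="password" name="password" id="password" value="" style="width:300px;" autocomplete="current-password">
<input type="button" name="login" value="Login" onclick="do_login(); return false;">
<br>
<br>
<div id="status">
<input type="button" name="drop_database" value="Delete database" onclick="do_drop_database();">
</div>
<div id="admin">Idle</div>
</form>
</body>
</html>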
--Apple-Mail-1--387462432
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=US-ASCII;
delsp=yes;
format=flowed
Robert,
Feel free to use those - they're from my demo at OSCON. The first one is
truly a horror - do NOT plonk it on a public web server!
thanks,
Andrew
On 16/08/2006, at 10:07 PM, Jeff Robertson wrote:
> Where could I find a hackable, fake Ajax application? Like WebGoat,
> etc.,
> but all Ajax?
>
> If the answer is to "write one", I'm willing, but I'd rather not
> reinvent any wheels.
>
>
> ----------------------------------------------------------------------
> ---
> Sponsored by: Watchfire
>
> Watchfire was recently named the worldwide market leader in Web
> application security assessment tools by both Gartner and IDC.
> Download a free trial of AppScan today and see why more customers
> choose
> AppScan than any other solution. Try it today!
>
> https://www.watchfire.com/securearea/appscancamp.aspx?
> id=701500000008VnB
> ----------------------------------------------------------------------
> ----
>
>
--Apple-Mail-1--387462432
Content-Type: text/plain; charset=us-ascii
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
--Apple-Mail-1--387462432--