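<?php
/**
 * "Invulnerable" variant of the index page: response headers, the session
 * reset and the input sanitising all happen here, before any byte of output.
 *
 * Ordering is the point of this prologue: header(), ini_set('session.*') and
 * session_start() only take effect while nothing has been echoed yet (the old
 * version printed the HSTS banner first, so every later header was dropped with
 * a "headers already sent" warning). The banner is therefore printed last.
 */
// Clickjacking on legacy browsers. SAMEORIGIN is the value that was effectively
// sent before as well: header() replaces a same-named header, so the earlier
// DENY never reached the client.
header('X-Frame-Options: SAMEORIGIN');
header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
// NOTE(review): text/plain makes browsers render the markup below as source
// text; presumably text/html was intended — confirm before changing.
header('Content-type: text/plain');
header('Set-Cookie: name=value; httpOnly');
// CSP for browsers that understand it. The <meta> CSP in the markup further down
// is enforced in addition to this header; the stricter of the two wins.
header("Content-Security-Policy: default-src 'self';");
// Session fixation defence. session_destroy() before session_start() (the old
// order) only emits a warning and destroys nothing: a session must be active
// first. Start it, drop whatever data the presented id carried, then replace
// the id and delete the old session record.
ini_set('session.cookie_httponly', 1);
session_start();
$_SESSION = [];
session_regenerate_id(true);
echo '<b>HSTS Enabled!</b>';
// FILTER_SANITIZE_STRING is deprecated since PHP 8.1; escaping for the output
// context replaces it. `??` turns a missing field into '' instead of a warning.
$firstname = trim((string) ($_POST['firstname'] ?? ''));
$aux_post = htmlspecialchars($firstname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
// aaa() escapes its own argument, so it gets the raw value (passing $aux_post
// would double-encode). Calling it with no argument, as the old code did, is a
// fatal ArgumentCountError. The former `echo $var` line is gone: $var is never
// assigned in this file, so it printed nothing but an "undefined variable" notice.
echo aaa($firstname);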
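/**
 * Escapes $param for an HTML context and, as a side effect, prints the
 * "Search results" paragraph for the request's `query` parameter.
 *
 * @param mixed $param value to escape (cast to string). Defaults to '' so the
 *                     argument-less call in the page prologue no longer raises
 *                     ArgumentCountError.
 * @return string $param with HTML metacharacters and both quote styles encoded
 */
function aaa($param = '')
{
    // ENT_QUOTES matches the escaping used for $aux_get below, so the result is
    // also safe inside single-quoted attribute values; ENT_SUBSTITUTE yields
    // U+FFFD for invalid UTF-8 instead of silently returning ''.
    $a = htmlentities((string) $param, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // `??` avoids an "undefined index" warning when the query string is absent.
    $aux_get = htmlspecialchars((string) ($_GET['query'] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo '<p>Search results for query: ' . $aux_get . '.</p>';
    return $a;
}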
?>
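<head>
<meta charset="utf-8">
<!-- Browsers enforce this meta policy in addition to the Content-Security-Policy
     response header sent by the PHP prologue, and the stricter one wins. The
     previous value, default-src 'none', blocked this page's own favicon and
     stylesheet (both same-origin) and the Google Fonts stylesheet linked below,
     whose font files are served from fonts.gstatic.com. The inline <script>
     further down is still blocked by both policies until it is given a nonce
     or hash. -->
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="Discusses Techniques for Using Content Security Policy">
<meta name="author" content="Glaser">
<!-- Theme CSS -->
<!-- The icon file is a PNG, so advertise it as one rather than as image/x-icon. -->
<link href="img/secure-PHP.png" rel="icon" type="image/png">
<link href="css/bundle.min.css" rel="stylesheet">
<link href='https://fonts.googleapis.com/css?family=Lora:' rel='stylesheet' type='text/css'>
<title>PHP and Content Security Policy</title>
</head>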
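<script>
// Logs the server-side value of $var. The value goes through json_encode so it
// is always a valid JS literal: a string becomes a quoted, escaped string and an
// unset $var becomes null. The raw `<?=$var?>` either spliced the value straight
// into script context (script injection if it were ever user-controlled) or,
// when unset, produced `console.log();`. The JSON_HEX_* flags keep `</script>`
// and quote characters from breaking out of this element.
// NOTE(review): $var is not assigned anywhere in this file — confirm its source.
// The keyword was misspelled "fucntion", a syntax error that stopped the whole
// script from running. Both CSPs on this page lack 'unsafe-inline' or a nonce,
// so this element is not executed until it is allow-listed.
function aaa(){
console.log(<?= json_encode($var ?? null, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) ?>);
}
aaa();
</script>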
hello
<!-- Posts back to this same URL (action=""). Only `firstname` is read by the
     PHP prologue at the top of the file, which sanitises it before use;
     `lastname` is never read anywhere in this file. The form carries no
     anti-CSRF token. -->
<form action="" method="post">
First name:<br>
<input type="text" name="firstname" value="Mickey">
<br>
Last name:<br>
<input type="text" name="lastname" value="Mouse">
<br><br>
<input type="submit" value="Submit">
</form>