SA-MP Forums

Old 17/05/2017, 04:05 PM   #1
YouHack
Huge Clucker
 
 
Join Date: Jan 2017
Location: Lost in Morocco
Posts: 262
Reputation: 21
Default CSRF XSS CSRF RCE protection

Hello,
I've just found an HTTP vulnerability in my server UCP. Anyone can use a POST method (form) and inject the code with it, so he will be able to ban or kick anyone in the server. If anyone knows how to block this injection method, please help. I'm not experienced with web security at all.
Old 17/05/2017, 07:14 PM   #2
DRIFT_HUNTER
High-roller
 
Join Date: Oct 2009
Posts: 2,060
Reputation: 126
Default Re: CSRF XSS CSRF RCE protection

If you are not experienced you should read as much as you can and understand how it works. The fact that you found it in your UCP proves that you are on the right track. Personally I would suggest using some framework, since they provide protection against most attacks and sanitize a lot of things even before you access them.

Also, believe it or not, Wikipedia is your best friend, since it will list and describe possible known attacks. From there you will know what to look for, meaning you will find how they work and how to implement protection.
__________________
Putin here,
Putin there,
Putin simply everywhere.
Old 17/05/2017, 07:36 PM   #3
YouHack
Default Re: CSRF XSS CSRF RCE protection

I've been trying to solve it for 3 hours ... and still.
Old 17/05/2017, 08:06 PM   #4
YouHack
Default Re: CSRF XSS CSRF RCE protection

Solved, using an "if" statement before the $_POST code + a sanitize function to avoid XSS injections / bad requests.
EDIT: Posted it here because the forums are dedicated to the Pawn language, not PHP, and I'm too lazy to create a new Stack Exchange account.
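
One way to implement the kind of check described in post #4, as an added example that is not code from the thread: a hypothetical PHP UCP handler that rejects ban/kick POSTs lacking admin rights or a per-session CSRF token, validates the input, and escapes the player name before output. The field names (`action`, `player`, `csrf`), the session keys and the name pattern are assumptions.

```php
<?php
// Added example: hypothetical UCP handler; field and session key names are assumptions.

// Create (once per session) the secret token that the UCP form embeds in a hidden field.
function csrf_token(array &$session): string {
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// The "if" in front of the $_POST code: method, privilege and token must all pass.
function ucp_request_allowed(array $session, string $method, array $post): bool {
    if ($method !== 'POST' || empty($session['is_admin']) || empty($session['csrf'])) {
        return false;
    }
    $sent = $post['csrf'] ?? '';
    // hash_equals() compares in constant time; a forged cross-site form cannot know the token.
    return is_string($sent) && hash_equals($session['csrf'], $sent);
}

// Validate input against an allow-list and escape anything echoed back into HTML.
function handle_ucp_action(array $session, string $method, array $post): string {
    if (!ucp_request_allowed($session, $method, $post)) {
        return '403 request rejected';
    }
    $action = $post['action'] ?? '';
    $player = $post['player'] ?? '';
    // Assumed name rule: letters, digits and underscore, at most 24 characters.
    if (!in_array($action, ['ban', 'kick'], true)
        || !is_string($player) || !preg_match('/^[A-Za-z0-9_]{1,24}\z/', $player)) {
        return '400 bad request';
    }
    // A real UCP would apply the ban or kick here, using a prepared statement.
    return '200 ' . $action . ' queued for ' . htmlspecialchars($player, ENT_QUOTES, 'UTF-8');
}

// Constructed sample requests (not from the thread).
$session = ['is_admin' => true];
$token   = csrf_token($session);
$good    = ['action' => 'kick', 'player' => 'Some_Player', 'csrf' => $token];
$forged  = ['action' => 'ban', 'player' => 'Some_Player']; // cross-site form, no token
$badName = ['action' => 'kick', 'player' => '<script>x</script>', 'csrf' => $token];
foreach ([$good, $forged, $badName] as $post) {
    echo handle_ucp_action($session, 'POST', $post), PHP_EOL;
}
```

In a real page the `$session` array would be `$_SESSION` after `session_start()`, and the form would carry the value of `csrf_token()` in a hidden input.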