Uploading Files with PHP

The code to upload a file in PHP is quite simple. The script for uploading with PHP is as follows; don't forget to create the uploads directory first.

<!DOCTYPE html>
<html>
<head>
    <title>Upload your files</title>
</head>
<body>
    <form enctype="multipart/form-data" action="upload.php" method="POST">
        <p>Upload your file</p>
        <input type="file" name="uploaded_file"><br />
        <input type="submit" value="Upload">
    </form>
</body>
</html>
<?php
// Only run when the form was submitted with a file attached.
if (!empty($_FILES['uploaded_file'])) {
    // Target directory: must already exist and be writable by the web server user.
    $path = "uploads/";
    // basename() drops any directory part of the client-supplied file name.
    $path = $path . basename($_FILES['uploaded_file']['name']);
    // move_uploaded_file() only moves files that actually arrived via HTTP POST.
    if (move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $path)) {
        echo "The file " . basename($_FILES['uploaded_file']['name']) . " has been uploaded";
    } else {
        echo "There was an error uploading the file, please try again!";
    }
}
?>
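The script above stores whatever the browser sends, under the client-chosen file name and with no type or size check. Below is an added example (not the original post's code) of a hardened handler for the same uploaded_file field: it checks the upload status and size, accepts only whitelisted extensions whose real content type matches, and stores the file under a random server-chosen name. UPLOAD_DIR, MAX_BYTES, $allowed and storeUpload() are names chosen here.

```php
<?php
// Added example (not the original post's code): hardened handler for the same
// "uploaded_file" field. UPLOAD_DIR, MAX_BYTES, $allowed, storeUpload() are names chosen here.
const UPLOAD_DIR = __DIR__ . '/uploads/';  // must exist; ideally not served as PHP
const MAX_BYTES  = 2 * 1024 * 1024;         // 2 MiB, an arbitrary limit for this example

// Allowed extensions paired with the MIME type the content must really have.
$allowed = [
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
];

function storeUpload(array $file, array $allowed): string
{
    // 'error' is UPLOAD_ERR_OK only when the transfer completed.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Never trust the client-supplied name; use it only to pick the extension.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        throw new RuntimeException('Extension not allowed');
    }
    // Sniff the real content type; $file['type'] is whatever the client claimed.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($detected !== $allowed[$ext]) {
        throw new RuntimeException('Content does not match extension');
    }
    // Random server-chosen name: no traversal, no collisions, no script names.
    $target = UPLOAD_DIR . bin2hex(random_bytes(16)) . '.' . $ext;
    // move_uploaded_file() refuses paths that were not produced by an HTTP upload.
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store file');
    }
    return $target;
}

if (!empty($_FILES['uploaded_file'])) {
    try {
        $path = storeUpload($_FILES['uploaded_file'], $allowed);
        echo 'Stored as ' . htmlspecialchars(basename($path), ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```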

PHP Security Mini Guide – Directory Traversal & Code Injection

Directory Traversal

Directory traversal refers to an attack in which an authenticated or unauthenticated user can request and view or execute files that reside outside the root directory of a web application, or outside the directory to which they should be restricted. As a result, an attacker can read any file that the user running the web server (commonly www-data) has access to. If the server has misconfigured file permissions (very common), the attack can be escalated further.

In the following example the script passes an unvalidated/unsanitized value directly to the include() function, so the script will try to include whatever path/filename is passed as a parameter:

Insecure code sample:

$file = $_GET['file'];
include($file);

For example, passing /etc/passwd, a file readable by all users, returns the content of that file, which lists all user accounts on the system:

[Screenshot: the contents of /etc/passwd returned in the response]

This vulnerability can be mitigated in different ways depending on the case. However, the most common and generic way is to use the basename() and realpath() functions.

The basename() function returns only the filename in a given path/filename:

Input: ../../../etc/passwd
Output: passwd

The realpath() function returns the canonicalized absolute pathname, but only if the file exists and the running script has execute permission on all directories in the hierarchy.

Input: ../../../etc/passwd
Output: /etc/passwd

Secure code sample:

$file = basename(realpath($_GET['file']));
include($file);

Now when we request the same file we get an empty response:

[Screenshot: empty response]

Avoid blacklisting

Blacklisting is often bad practice simply because there is more than one way to make the same request, and attackers will always find ways to bypass restrictions. For example, ../../../etc/ can also be written as ..%2F..%2F..%2Fetc%2F. If you need to allow access to specific files, use a whitelist.
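As an added example (not from the guide), the following shows the whitelist approach recommended above for the include($_GET['file']) pattern, together with a realpath() containment check for the cases where a whitelist is not possible. PAGE_DIR, $pages, resolveWhitelisted() and resolveContained() are names chosen here; Linux path separators are assumed.

```php
<?php
// Added example (not from the guide): two defenses for include($_GET['file']).
// PAGE_DIR, $pages, resolveWhitelisted(), resolveContained() are names chosen here.
declare(strict_types=1);

const PAGE_DIR = __DIR__ . '/pages';   // the only directory includes may come from

// Defense 1 (preferred): a whitelist maps user-visible keys to fixed files,
// so the request never contains a path at all and unknown keys are rejected.
$pages = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

function resolveWhitelisted(string $key, array $pages): ?string
{
    return isset($pages[$key]) ? PAGE_DIR . '/' . $pages[$key] : null;
}

// Defense 2 (where files really are user-named): canonicalise with realpath()
// and require the result to stay under PAGE_DIR. This rejects ../ sequences,
// their %2F-encoded forms (PHP already decodes $_GET) and symlinks that point
// outside. Linux path separators are assumed.
function resolveContained(string $requested): ?string
{
    $base = realpath(PAGE_DIR);
    $real = realpath(PAGE_DIR . '/' . $requested);
    if ($base === false || $real === false || !is_file($real)) {
        return null;                       // missing file, or a directory
    }
    // Compare including the trailing separator so that PAGE_DIR . '-private'
    // is not mistaken for a path inside PAGE_DIR.
    return strncmp($real, $base . '/', strlen($base) + 1) === 0 ? $real : null;
}

// Router: whitelist only. Do not fall back to resolveContained() for unknown
// keys, as that would reopen the path the whitelist closed.
$key  = is_string($_GET['file'] ?? null) ? $_GET['file'] : '';
$file = resolveWhitelisted($key, $pages);
if ($file === null) {
    http_response_code(404);
    exit('Unknown page');
}
include $file;
```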

Code Injection/Execution

In this vulnerability an attacker takes advantage of a script that contains system functions/calls to read or execute files on the remote server. This is equivalent to having a backdoor shell. Needless to say, under certain circumstances privilege escalation is possible.

In this example a script uses the exec() function to execute the ping command. However, the host is dynamic, as it is passed via an HTTP GET request:

Insecure code sample:

exec("ping -c 4 " . $_GET['host'], $output);
echo "<pre>";
print_r($output);
echo "</pre>";

Passing http://www.google.com as an example returns the output of the ping command:

[Screenshot: output of the ping command]

This is vulnerable to code injection because it lets the user pass multiple commands to the function simply by using the ";" delimiter, which in Linux separates multiple commands on one line. For example, passing the value "http://www.google.com;whoami" in the host parameter returns:

[Screenshot: output of ping followed by the output of whoami]

As we can see, the script executed both the ping and the whoami command.

PHP has two functions, escapeshellarg() and escapeshellcmd(), which can help harden functions such as exec(), shell_exec(), passthru() and system().

escapeshellcmd() escapes any characters in a string that might be used to execute arbitrary commands. The following characters are escaped by preceding them with a backslash: &#;`|*?~<>^()[]{}$\, \x0A and \xFF. Single and double quotes are escaped only if they are not paired.

Input: ping -c 4 www.google.com;ls -lah
Output: ping -c 4 www.google.com\;ls -lah

escapeshellarg() adds single quotes around a string and escapes any existing single quotes, so that the entire string is passed as a single argument to a shell command.

Secure code sample:

// #1 Restrict multiple commands
exec(escapeshellcmd("ping -c 4 " . $_GET['host']), $output);

// #2 Restrict multiple commands and multiple arguments
exec(escapeshellcmd("ping -c 4 " . escapeshellarg($_GET['host'])), $output);

The script no longer executes the injected input:

[Screenshot: the injected command is not executed]

In addition to using these functions, a whitelist of accepted commands/arguments can be created. Note that escapeshellcmd() and escapeshellarg() may behave unpredictably on different operating systems, especially Windows.

Unless they are really needed, it is highly recommended not to use these functions and to disable them in the PHP configuration to avoid security issues.
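Added example (not from the guide): the ping handler rewritten so that the host parameter is validated as a hostname or IP address and the command is run without a shell, which removes the ";" problem entirely instead of escaping around it. validHost() and runPing() are names chosen here; the array form of proc_open() requires PHP 7.4 or later and a getopt-based ping that honours "--".

```php
<?php
// Added example (not from the guide): the ping handler with input validation
// and no shell in the path. validHost() and runPing() are names chosen here.
declare(strict_types=1);

// Accept only a syntactically valid hostname or IP address. A value such as
// "www.google.com;whoami" fails FILTER_FLAG_HOSTNAME because of the ';'.
function validHost(string $host): bool
{
    return filter_var($host, FILTER_VALIDATE_IP) !== false
        || filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
}

// Run ping without a shell: the array form of proc_open() (PHP >= 7.4) execs
// the program directly, so ';', '|' or '$(...)' are plain bytes in argv, never
// operators. The '--' keeps a host starting with '-' from being read as an option.
function runPing(string $host): array
{
    if (!validHost($host)) {
        throw new InvalidArgumentException('Invalid host');
    }
    $spec = [1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open(['ping', '-c', '4', '--', $host], $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('Could not start ping');
    }
    $out = stream_get_contents($pipes[1]);
    $err = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $status = proc_close($proc);
    return ['status' => $status, 'output' => $out . $err];
}

$host = is_string($_GET['host'] ?? null) ? $_GET['host'] : '';
try {
    $result = runPing($host);
    echo '<pre>' . htmlspecialchars($result['output'], ENT_QUOTES, 'UTF-8') . '</pre>';
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'Rejected: only a hostname or IP address is accepted';
}
```

Note that a URL such as http://www.google.com is rejected as well, since ping expects a bare hostname; only the host part should be submitted.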

https://www.acunetix.com/websitesecurity/php-security-2/

50 Smart City Candidates

The following cities/regencies were selected in the second phase of the Gerakan Menuju 100 Smart City (Movement Toward 100 Smart Cities):

1. Kabupaten Sukoharjo
2. Kabupaten Boyolali
3. Kabupaten Banyumas
4. Kota Denpasar
5. Kota Cimahi
6. Kota Medan
7. Kota Surakarta
8. Kabupaten Bantul
9. Kabupaten Magelang
10. Kota Surabaya
11. Kabupaten Batang
12. Kota Binjai
13. Kabupaten Bogor
14. Kabupaten Kulon Progo
15. Kabupaten Sumenep
16. Kota Yogyakarta
17. Kota Depok
18. Kabupaten Langkat
19. Kota Pontianak
20. Kota Pekanbaru
21. Kota Probolinggo
22. Kota Banjarmasin
23. Kota Palembang
24. Kabupaten Kudus
25. Kabupaten Luwu Timur
26. Kabupaten Muara Enim
27. Kabupaten Pati
28. Kabupaten Jepara
29. Kota Padang
30. Kota Banjarbaru
31. Kabupaten Lamongan
32. Kabupaten Jember
33. Kabupaten Blitar
34. Kabupaten Bandung
35. Kabupaten Sumbawa
36. Kabupaten Tuban
37. Kabupaten Deli Serdang
38. Kabupaten Kendal
39. Kabupaten Indramayu
40. Kabupaten Kutai Timur
41. Kabupaten Blora
42. Kabupaten Pemalang
43. Kabupaten Solok
44. Kabupaten Grobogan
45. Kota Manado
46. Kabupaten Musi Banyuasin
47. Kabupaten Morowali
48. Kabupaten Pasuruan
49. Kota Mataram
50. Kota Sibolga

Minister of Communication and Information Technology Rudiantara said that a smart city is a continuous process. It is the ongoing improvement of services to the public that qualifies a city/regency as a smart city.

The selection of cities/regencies to draw up a smart city master plan followed several criteria, ranging from the readiness of the ICT (Teknologi Informasi dan Komunikasi, TIK) infrastructure, to having room in the regional budget (APBD), to the mindset of the regional leaders.

Source: detik[dot]com

Scanning WordPress Passwords with the wpscan Tool

Who doesn't know WordPress? Many people do, of course.

But for those who know WordPress and use it for their company's or institution's website: you have to be careful about its security, because WP is still vulnerable.

Don't be too sure it is secure, because there is no guarantee from upstream, especially when you got it for free, or perhaps resell it in a web business to make easy money from clients who are still unfamiliar with it and don't mind. That in itself is not a problem.

I also use WP for the blog here. For free.

To have the security of your WP tested, try the tool called wpscan.

wpscan is a tool for peeking at the WordPress version of a website. It does not stop there: it can also be used to look for holes in the plugins/themes your website uses, showing which ones are vulnerable and could let a hacker in.

For further explanation, please search on Google. Wassalam.


ZF 1 – Captcha font error: the captcha text does not appear

It works over there, so why doesn't it work here? Almost every creature who wrestles with PHP programming has run into this.

After the install finished and I opened the login page, it looked normal, but the captcha text simply did not show up.

[Screenshot: captcha image rendered without any text]

Surprised and puzzled, since everything seemed right, I became suspicious of the following code.

include_once("Zend/Captcha/Image.php");
include_once("Zend/Loader.php");

$captcha = new Zend_Captcha_Image();
$captcha->setWordLen(4)
    ->setHeight(60)
    ->setFont('arial.ttf')       // relative path: resolved against the working directory, not the script
    ->setImgDir('captcha')
    ->setDotNoiseLevel(5)
    ->setLineNoiseLevel(5);

And then, after tracing it, the solution to the problem turned up: change the code to the following.

include_once("Zend/Captcha/Image.php");
include_once("Zend/Loader.php");

$captcha = new Zend_Captcha_Image();
$captcha->setWordLen(4)
    ->setHeight(60)
    ->setFont(APPLICATION_PATH . '/../public/arial.ttf')   // absolute path built from the application root
    ->setImgDir('captcha')
    ->setDotNoiseLevel(5)
    ->setLineNoiseLevel(5);

And that solved the problem above.

[Screenshot: captcha image with the text rendered]

Hope this is useful. Wassalam.