Everybody! This is important. In a few days, these forums will be moving over to using the totally sweet Discourse platform. To ensure this migration happens smoothly with no loss of content, these forums are currently in a read-only mode. I do apologize for the inconvenience.

There is never a good time to turn the forums off for an extended period of time, but I promise the new forums will be a billion times better. I'm pretty sure of it.

See you all on the other side in a few days, and if you have any (non-technical) questions, please e-mail me at kirupa@kirupa.com. For technical questions, try to find a tutorial that corresponds to what you are looking for and post in the comments section of that page.

Cheers,
Kirupa

Results 1 to 4 of 4

Thread: Is it possible to hack the xml/flash/php guestbook?

  1. #1
    13
    posts
    Registered User

    Is it possible to exploit the xml/flash/php guestbook?

    I have been using the xml/flash/php guestbook on a site for over a year now with absolutely no problems. In the past week or two though, all of the entries (about 25-30) have been erased. Did my host erase my data, or is it possible to exploit the scripts? All files (.swf, .xml, and .php) are still on the server, but the xml file is completely blank.


    Thanks,
    Blake
    Last edited by bbf3; January 9th, 2008 at 06:46 PM.

  2. #2
    Link me to it? And post your code.
    There may a vulnerability such as you not escaping input correctly.
    Web Design and Web Development blog
    Designer Notice: Browser List for design compatibility

  3. #3
    13
    posts
    Registered User

    okay

    The Actionscript:
    Code:
    var currPage = 0;
    var showAmount = 10;            // set this to the amount of entries you want to view at a time
    previous._visible = false;
    createMessage._visible = false;
    createButton.onRelease = function(){
        this._visible = false;
        this._parent.createMessage._visible = true;
        if (createMessage.nameField.text == ""){
            Selection.setFocus(createMessage.nameField);
        }
        else if (createMessage.messageField.text == ""){
            Selection.setFocus(createMessage.messageField);
        }
    }
    
    // **** Load XML ****************************
    myXML = new XML();
    myXML.ignoreWhite = true;
    receiverXML = new XML();
    
    myXML.onLoad = function(success){
        myXML.contentType = "text/xml";
        if (success){
            this.showXML();
        }
        else{
            trace("Error loading XML file");
        }
    }
    myIdentifier=Math.round(Math.random()*10000);
    myXML.load("guestbook.xml?uniq="+myIdentifier);
    
    receiverXML.onLoad = function(){
        this.contentType = "text/xml";
        _root.currPage = 0;
        this.showXML();
    }
    createMessage.closeButton.onRelease = function(){
        this._parent._visible = false;
        createButton._visible = true;
    }
    createMessage.sendButton.onRelease = function(){
        var myName = this._parent.nameField.text;
        var myMessage = this._parent.messageField.text;
        if (myName == ""){
            this._parent.errorField.text = "please fill out your name";
            Selection.setFocus(this._parent.nameField);        
        }
        else if (myMessage == ""){
            this._parent.errorField.text = "please leave a message";
            Selection.setFocus(this._parent.messageField);
        }
        else {
            myXML.firstChild.appendChild(myXML.createElement("entry"));
            myXML.firstChild.lastChild.attributes.myName = myName;
            myXML.firstChild.lastChild.appendChild(myXML.createElement("myText"));
            myXML.firstChild.lastChild.lastChild.appendChild(myXML.createTextNode(myMessage));
            myXML.sendAndLoad("processXML.php", receiverXML);
            this._parent._visible = false;
            createButton._visible = true;
        }
    }
    XML.prototype.showXML = function(){
        myGuestbook.scroll = 1;
        myGuestbook.htmlText = "";
        var numItems = this.firstChild.childNodes.length;
        var firstItem = numItems - (currPage*showAmount);        
        if (currPage == 0) previous._visible = false;
        var lastItem = firstItem - showAmount ;
        if (lastItem<=0) {
            lastItem = 0;
            next._visible = false;
        }
        myCount.text = "Total messages: " + numItems;
        if (firstItem == lastItem+1) nowShowing.text = "Showing message " + firstItem;
        else nowShowing.text = "Showing message " + firstItem + " to " + (lastItem + 1);
        for (i=(firstItem-1); i>= lastItem; i--){
            myGuestbook.htmlText += "<B>" + this.firstChild.childNodes[i].attributes.myName + "</B> wrote:\n";
            myGuestbook.htmlText +=  this.firstChild.childNodes[i].firstChild.firstChild.nodeValue + "\n\n";
        }
    }
    previous.onRelease = function(){    
        currPage--;
        myXML.showXML();
        next._visible = true;
    }
    next.onRelease = function(){    
        currPage++;
        myXML.showXML();
        previous._visible = true;
    }
    And the php code in processXML.php:
    Code:
    <?php
    $file = fopen("guestbook.xml", "w+") or die("Can't open XML file");
    $xmlString = $HTTP_RAW_POST_DATA; 
    if(!fwrite($file, $xmlString)){
        print "Error writing to XML-file";
    }
    print $xmlString."\n";
    fclose($file);
    ?>
    The xml file, of course, has nothing in it right now.

    Thanks for any insights,
    Blake

  4. #4
    Yes it can be exploited...
    By modifying the data while it gets transfered over to the server you can delete entries.
    A better way to do this is that flash sends some data (Name, URL, Message, Etc) and PHP regenerates an XML file.
    So that way you cannot modify it on the Client side.

    My

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Home About kirupa.com Meet the Moderators Advertise

 Link to Us

 Credits

Copyright 1999 - 2012