Web Applications in PHP Test suite #31
The PHP Test cases
Displaying all 15 test cases
-
The test case shows a basic Cross-Site Scripting in PHP. The associated level of defense is zero because the input is printed directly without filtering.
-
The test case shows a basic Cross-Site Scripting in PHP. The associated level of defense is 1. Here we show how to use the typecasting mechanism.
-
The test case shows a basic Cross-Site Scripting in PHP. The associated level of defense is 2. Here we show how to use replacement of the characters <, >, \', \" etc.
-
The test case shows an SQL Injection in a PHP script.
-
The test case shows an SQL Injection. The defense mechanism is the typecasting of the input variables.
-
The test case shows an SQL Injection in a PHP script. The defense mechanism is escaping the dangerous characters for the SQL query such as \', \" etc.
-
The test case shows a weak encryption practice. Here there is no encryption and the password is stored in the cookie as plain text. We use the cookie to communicate with the black box tool; it is a bad practice to store the password in the cookie.
-
The test case shows a weak encryption practice. Here the password is stored in the cookie as the MD5 hash of the password. We use the cookie to communicate with the black box tool; it is a bad practice to store the password in the cookie.
-
The test case shows a weak encryption practice. Here the password is stored in the cookie as the SHA-1 hash of the password. Although SHA-1 is stronger than MD5, it is still a weak algorithm. We use the cookie to communicate with the black box tool; it is a bad practice to store the password in the cookie.
-
The test case shows a weak encryption practice. Here the password is stored in the cookie as a salted SHA-1 of the password. Salted passwords are a common technique to create a better hash; the salt should be inserted in a database... We use the cookie to communicate with the black box tool; ...
-
The test case shows a not so weak encryption practice. Here the password is stored in the cookie as a salted SHA-256 of the password. Salted passwords are a common technique to create a better hash; the salt should be inserted in a database... We use the cookie to communicate with the black b...
-
The test case shows a PHP File Inclusion vulnerability. The script ca represents a basic template engine.
-
The test case shows a PHP Include Vulnerability. A defense mechanism uses the file_exists function, but the configuration of PHP may allow file_exists to return true with distant files; this may allow a Remote File Inclusion.
-
The test case exposes a PHP Include Vulnerability. The defense mechanism uses the Apache DOCUMENT_ROOT information to check that the included file is in your document root.
-
The test case shows a PHP Include Vulnerability. The defense mechanism protects against Remote File Inclusion with the Apache DOCUMENT_ROOT check and also against directory traversal with the regular expression.