So, a year almost to the day later, I sent a follow-up mail, reminding them about the holes I reported, reporting another hole and setting a deadline of two weeks, after which I would apply for a CVE and publish the vulnerability. They never responded to my mail and never fixed the second Cross-Site scripting hole.
I cursed, wrote up some proof-of-concept code and reported the vulnerability to the devs.Ī few weeks later, a new version of PHP Generator was released, fixing one of the two Cross-Site scripting holes I reported. The story begins in July 2012, when I noticed that the code generated by PHP Generator had multiple vulnerabilities to Cross-Site scripting, allowing me to steal the login cookie (which, for good measure, contained the password in clear text, even if it was stored as a hash in the database). I was required to use it (as opposed to writing something myself) during my last employment with an institute at my university. It does a comparatively good job and provides some decent options, although the UI is somewhat cluttered and unintuitive, and the error reporting in places nonexistant. PHP Generator for MySQL is a software that allows non-programmers to create web-frontends to their MySQL-Databases. Todays subject is the PHP Generator for MySQL software by SQL Maestro (whose website will present you with a self-signed certificate for *. if you try to access it via SSL, so you at least have to give them credit for creativity in that area).
Welcome to the second installment of the “case study in bad design”-series, where I talk about generally horrible design in code, security or user experience.
0 kommentar(er)
