Teamwork: famous security threats

Each team spends about 10 minutes investigating one of the following: In each case, the two main questions are:
What was the threat about?
What was the main attack strategy used in the threat?

Client-side security

Injection

In each of the following, $data contains user-submitted code. In each case, determine how the user can disrupt the system.

Server-side security

In order to make scripts secure, all user input must be carefully checked. The best way to check user input is by writing regular expressions which specify the exact pattern of the expected input. This tutorial focusses on understanding the risks and applying simple checks.

Exercises

1.1 Directory indexing and path traversal:
Create a new directory on your web server. Create a file in that directory. Depending on whether or not your indexes are turned on, you may be able to see a directory listing. Check out some websites you know and see what happens if you delete the last part of the URL. Can you find any websites with unprotected directories?

1.2 HTML injection:
Create a simple web form with a text field and a simple script that prints the user input from the text field. (You can use a script from Week 3 for this exercise if you still have it.) Apply no security at this stage. Try entering text with HTML tags into the text field (for example "<i>hello</i>") and see what happens.

1.3 Defacing:
Continuing from the previous exercise, enter an image tag (<img src='...' >) with a valid URL into the textfield. See what happens.
To fix these basic security risks: if you are using PHP, apply functions such as htmlspecialchars() and strip_tags() and observe what they do.

1.4 System commands:
Add a system command to your script (something like system("ls $variable"), where $variable contains user-supplied data). Determine how a hacker can obtain shell access via your script. Use escapeshellarg() or escapeshellcmd() in order to protect your code.
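
One way to combine the checks from exercises 1.2 to 1.4 in PHP, as an added example that is not part of the original exercise sheet. The function names valid_name() and safe_listing(), the base directory and the sample inputs are assumptions, and a Unix-like server with ls is assumed.

```php
<?php
// Added example; valid_name(), safe_listing() and the sample inputs are hypothetical.

// Allow-list: letters, digits, underscore, hyphen; 1 to 32 characters.
// \A and \z anchor the whole string ("$" alone also matches before a final newline).
function valid_name(string $input): bool
{
    return preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $input) === 1;
}

// List one subdirectory of $baseDir; returns HTML-safe text, or null on rejection/failure.
function safe_listing(string $baseDir, string $input): ?string
{
    if (!valid_name($input)) {
        return null;                       // reject instead of trying to repair
    }
    // escapeshellarg() quotes the value as a single shell argument;
    // "--" stops ls from reading a leading "-" as an option.
    $cmd = 'ls -- ' . escapeshellarg($baseDir . '/' . $input);

    $lines = [];
    exec($cmd, $lines, $status);           // capture output rather than echoing it
    if ($status !== 0) {
        return null;
    }
    // File names are untrusted data as well: escape before writing into HTML.
    return htmlspecialchars(implode("\n", $lines), ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs, including the one from exercise 1.2.
foreach (['reports', 'week_3', '<i>hello</i>', 'a b', ''] as $sample) {
    printf("%-28s %s\n",
        htmlspecialchars($sample, ENT_QUOTES, 'UTF-8'),
        valid_name($sample) ? 'accepted' : 'rejected');
}

// The two output filters from exercise 1.3 behave differently on the same input:
$text = '<i>hello</i>';
echo htmlspecialchars($text, ENT_QUOTES, 'UTF-8'), "\n";  // tags shown as literal text
echo strip_tags($text), "\n";                             // tags removed, text kept

// Listing the script's own directory through the checked path (base dir assumed).
$parent = dirname(__DIR__);
var_dump(safe_listing($parent, basename(__DIR__)));
```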