Project Detail

XSS Attack Code Injection FIX PHP  

XSS Attack Code Injection FIX PHP is project number 319840
posted at Freelancer.com.

 

 

Status:

Selected Providers: crajeshbe

Budget: $30-250

Created: 10/01/2008 at 2:04 EDT

Bid Count: 7

Average Bid: $84

11/30/2008 at 2:04 EST

Project Creator: rightnowloads
Employer Rating: 9.5333/10 (15 reviews)

 

Description

From only a search engine search, my page is showing results cached in the database somehow. I need someone who knows how to fix code injections from PHP XSS attacks.

Example: Please click on the page www.rightnowloads.com/full-truckloads.php

Google Search:
http://www.google.com/search?source=ig&hl=en&rlz=&q=florida+flatbed+loads

Yahoo Search:
http://search.yahoo.com/search?p=florida+flatbed+loads&fr=yfp-t-501&toggle=1&cop=mss&ei=UTF-8

Direct Link:
If you go directly to the page you will not see the error messages and the malicious code.
http://www.rightnowloads.com/full-truckload.php?state=FL


I have attached two files. Using the PHP htmlentities function, I showed the HTML for one good page directly from the site, and one bad page coming from the search engines. You can see the difference and the extra code.

I believe this is some code still in my database. I need someone to fix or develop a way to use only safeHTML, or a way to filter out the bad code from the table.


Additional files submitted:
Direct-link.html
Search-Engine-Link.html

Messages Posted: 0


 

170

2 days

10-01-2008 03:42 EDT

Dear Sir/Madam, I am an expert professional with 7 years of experience in making website designs, graphic designs, logo designs, Flash, OSCommerce, Joomla, DotNetNuke, PHP/MySQL, ASP, ASP.Net, Access, MS SQL Server, .Net, Ajax, CSS, DHTML, JavaScript, web promotion, SEO, Able dating and personals site, data processing, script installation, system admin, developing a full site, security, etc. I am ready to start doing your project. I assure you that you will get 100% satisfaction. I would be very happy to get a chance to work with you. I am hoping to hear from you. Thank you very much.


 

50

1 day

10-01-2008 05:26 EDT

Expert in XSS bug fixing. Please see my profiles and reviews. Ready to start the project. Regards C.Rajesh B.E


 

50

0 days

10-01-2008 10:46 EDT

Found your problem - can repair today. Will check entire site for potential XSS and other security vulnerabilities.


 

120

7 days

10-01-2008 06:07 EDT

Check all of your website pages, scripts, etc.


 

30

0 days

10-01-2008 05:07 EDT

This is invalid handling of MySQL queries. I can fix this bug.


 

100

1 day

10-01-2008 07:03 EDT

(No Feedback Yet)

We are a security team experienced in development and vulnerability testing. We correct the reported error and check for other possible vulnerabilities. Please PM for more information. Best regards, CSR


 

70

2 days

10-01-2008 10:42 EDT

(No Feedback Yet)

Hello, This Is Rahul V. Ambardekar Here, Currently Pursuing Computer Engineering Academics In India.

Key Features :

Web Security Analysis : Learning / Providing Website Penetration Tests Such As XSS, SQL Injection, Parameter Manipulation, Cookie Manipulation, Google Hacking Database, CGI Testing, Server Side Vulnerabilities Etc. I'll Provide You With A Complete Analysis Report And Remedies On Vulnerabilities Found On The Website.

I'll Be Performing The Following Tests On Your Website :

->Version Checks [Test for reporting vulnerable versions]
->CGI Tests [Tests for testing CGI vulnerabilities]
->Parameter Manipulation
-Cross Site Scripting
-SQL injection
-Code execution
-Directory traversal
-File inclusion
-Script source code disclosure
-CRLF injection/HTTP response splitting
-XFS vulnerability
-PHP code injection
-XPath Injection vulnerability
-Full path disclosure
-LDAP Injection vulnerability
-Cookie manipulation
-URL redirection
-Blind SQL/XPath injection
->File Checks And Respective Access Permissions
-Backup files
-Script errors
-Cross Site Scripting in URI
->Tests for performing directory check
-Common files
-Possible sensitive files
-Directory permissions
-Web Applications
-Cross Site Scripting in path
-PHPSESSID session fixation
->Tests for performing directory check
-Directory Listing
-Directory Listing
-Common files
-Email address found
-Microsoft Office possible sensitive information
-Local path disclosure
-Error messages
->Google Hacking Database Scans [1553 Tests]

============================

Few More Words About Me : I Have Been In The Field Of Freelancing For The Last Two Years And Have Done Some Programming In The Following Programming Languages.

Web Development :
Primary Preference : HTML, ASP, PHP
Secondary Preference : JSP, ASP.net, Java Servlets

Desktop Application Development :
Primary Preference : VB
Secondary Preference : Java

Databases Worked On :
Primary Preference : MySQL, MS Access
Secondary Preference : Oracle

Graphics / Logo / Banner Making :
Primary Preference : Photoshop {Basic Level}

Soon Launching A New Website On Google Hacking : Link : http://ghack.softmania.co.cc

Thank You.


