Security through examples - notes
Some of these tips helped me understand the security side of Laravel and how an attacker would use these tricks to check whether an app is vulnerable. On a good note, we're in good hands with these frameworks, as they keep updating the basic security, so we can focus on more advanced security.
Check whether a search field is vulnerable by adding ' to the input text; if it shows an error, then add this
' OR 1=1 #
using sqlmap (-D takes the database name, -T the table name)
sqlmap --url=http://localhost:8000?search=t -p search --dbs
sqlmap --url=http://localhost:8000?search=t -p search -D database_name --tables
sqlmap --url=http://localhost:8000?search=t -p search -D database_name -T users --dump
to prevent
// vulnerable: the search term is interpolated straight into the SQL string
->whereRaw("slug LIKE '%{$s}%'");
// if you really need raw SQL, pass the value as a binding so the driver sends it separately from the query text
->whereRaw("slug LIKE ?", ["%{$s}%"]);
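As an added example (not from the original notes), here are the three query shapes side by side, assuming a Book model with a slug column and a MySQL or PostgreSQL connection (both use backslash as the default LIKE escape character):

```php
<?php
// Added example, not from the original notes. Assumes App\Models\Book has a
// `slug` column and the search term comes from request('search').
use App\Models\Book;

function searchBooksVulnerable(string $s)
{
    // The term becomes part of the SQL text, so an input such as
    // ' OR 1=1 # changes the query instead of being matched as data.
    return Book::whereRaw("slug LIKE '%{$s}%'")->get();
}

function searchBooksRawWithBinding(string $s)
{
    // Raw SQL with a binding: the value travels separately from the
    // statement, so it can only ever be compared against, never parsed.
    return Book::whereRaw('slug LIKE ?', ["%{$s}%"])->get();
}

function searchBooksBuilder(string $s)
{
    // Preferred: let the query builder create the bound placeholder.
    // Caveat the notes do not cover: % and _ are LIKE wildcards, so an
    // unescaped search for "100%" matches far more than the literal text.
    // addcslashes() prefixes %, _ and \ with a backslash (assumed MySQL/
    // PostgreSQL default escape character).
    $escaped = addcslashes($s, '%_\\');
    return Book::where('slug', 'like', '%' . $escaped . '%')->get();
}
```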
Executing JS through a text field (XSS)
// add this in the text field to see whether quotes survive unescaped
Hello World'" Blah
// now add this in the text field
"><script>alert("ok")</script>
// it works because the value is printed unescaped with {!! !!}
<input value="{!! request('search') !!}" />
// to fix, use {{ }} so Blade HTML-encodes the value
<input value="{{ request('search') }}" />
// the same problem here: nl2br() output is printed unescaped
<div>{!! nl2br($book->description) !!}</div>
// if you really need {!! !!}, escape the value first with e(), then apply nl2br()
<div>{!! nl2br(e($book->description)) !!}</div>
// or move the escaping into an accessor on the model (HtmlString tells Blade the value is already safe)
use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Support\HtmlString;

public function escapedDescription(): Attribute
{
    return Attribute::get(fn() => new HtmlString(nl2br(e($this->description))));
}
// then use
<div>{{ $book->escapedDescription }}</div>
Another way to execute JS: through Markdown that allows raw HTML
<img src="#" onmouseover="alert('ok')" />
// with the default options, raw HTML passes straight through
Str::markdown("<img src='#' onmouseover='alert(\"Book!\")'>");
-> <img src='#' onmouseover='alert("Book!")'>
// 'escape' keeps the tag but HTML-encodes it, so the browser shows it as text instead of running it
Str::markdown("<img src='#' onmouseover='alert(\"Book!\")'>", ['html_input' => 'escape']);
-> <img src='#' onmouseover='alert("Book!")'>
// 'strip' removes raw HTML entirely
Str::markdown("<img src='#' onmouseover='alert(\"Book!\")'>", ['html_input' => 'strip']);
-> ""
// 'allow_unsafe_links' => false additionally refuses javascript:, data: and similar link targets
Str::markdown("<img src='#' onmouseover='alert(\"Book!\")'>", ['html_input' => 'escape', 'allow_unsafe_links' => false]);
-> ""
to fix
use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Support\Str;

public function escapedDescription(): Attribute
{
    return Attribute::get(
        fn() => Str::of($this->description)->markdown([
            'html_input' => 'escape',
            'allow_unsafe_links' => false,
            'max_nesting_level' => 5,
        ])->toHtmlString()
    );
}
To safely compare 2 strings (tokens, signatures, API keys)
// same result as $request->key === $key, but in constant time, so the response time does not leak how many leading bytes matched
// the known value goes first; both arguments must be strings, so cast user input that may be null
hash_equals($key, (string) $request->key)