PHSCDC/itocdc-2015-www
An insecure PHP web app for the Iowa State University 2015 IT Olympics Cyber Defense Competition (ITOCDC)
MIT License
issues
Issue | Title | Author | Status | Age | Comments
#69 | Actual search | ngiddings | closed | 9 years ago | 0
#68 | User disk max | ngiddings | closed | 9 years ago | 0
#67 | Put userpage edition into the correct branch | ngiddings | closed | 9 years ago | 0
#66 | Bizarre video post failure | ngiddings | closed | 9 years ago | 2
#65 | Finicky session handler | ngiddings | closed | 9 years ago | 3
#64 | Fatal error in Terms and Privacy | ngiddings | closed | 9 years ago | 2
#63 | Sanitize "message" parameter sent back to forms | njohnsn | closed | 9 years ago | 2
#62 | Consider implementing password reset tokens. | njohnsn | closed | 9 years ago | 1
#61 | Add throttling to login form to prevent brute force password attacks | njohnsn | closed | 9 years ago | 2
#60 | Consider adding password requirements when user chooses password. | njohnsn | closed | 9 years ago | 1
#59 | Verify file size in php code, not just in JS code. | njohnsn | closed | 9 years ago | 3
#58 | Verify secure cookies are used. | njohnsn | closed | 9 years ago | 2
#57 | Verify php session id is regenerated after successful login to prevent session hijacking. | njohnsn | closed | 9 years ago | 1
#56 | Change form submissions that change data on server to only use POST method. | njohnsn | closed | 9 years ago | 0
#55 | Configure php.ini file to log errors to syslog. | njohnsn | closed | 9 years ago | 1
#54 | Disable system execution functions in php.ini file on production servers. | njohnsn | closed | 9 years ago | 2
#53 | Consider adding tokens to HTML forms to prevent Cross-site request forgery (CSRF) attacks | njohnsn | closed | 9 years ago | 0
#52 | Consider upgrading MediaElement.js library | njohnsn | closed | 9 years ago | 1
#51 | Consider upgrading jQuery JS library | njohnsn | closed | 9 years ago | 1
#50 | Bootstrap library is out of date. | njohnsn | closed | 9 years ago | 1
#49 | Application Database User has too many privileges | njohnsn | closed | 9 years ago | 2
#48 | Untrusted Connection errors about 50% of the time upon page load. | jummy0 | closed | 9 years ago | 2
#47 | Upon attempting to view an invalid video, user gets a PHP error along with our standard error page | jummy0 | closed | 9 years ago | 1
#46 | Reversed order of items in title tag | jummy0 | closed | 9 years ago | 0
#45 | Functional home button | jummy0 | closed | 9 years ago | 0
#44 | Added text to show 100mb upload limit, changed upload limit to variable at top of post.php | jummy0 | closed | 9 years ago | 0
#43 | "Completely Digital Clips" text in header is a link, but doesn't lead anywhere | jummy0 | closed | 9 years ago | 0
#42 | Videos play automatically, but the player GUI does not reflect that. | jummy0 | closed | 9 years ago | 2
#41 | Improved shortname generator | ngiddings | closed | 9 years ago | 0
#40 | Rearranged checks in upload | ngiddings | closed | 9 years ago | 0
#39 | Integrity checks | ngiddings | closed | 9 years ago | 0
#38 | Authenticate | ngiddings | closed | 9 years ago | 0
#37 | Closedb | ngiddings | closed | 9 years ago | 0
#36 | Uniqueness check for username | ngiddings | closed | 9 years ago | 0
#35 | Lack of exception handling for new SQL queries | ngiddings | closed | 9 years ago | 1
#34 | Sql merge into master | ngiddings | closed | 9 years ago | 0
#33 | Special character causing SQL errors | Geekman16 | closed | 9 years ago | 2
#32 | HTML injection threat | jummy0 | closed | 9 years ago | 1
#31 | User Email Security | BEASTLYMONKEY27 | closed | 9 years ago | 0
#30 | General lack of logging upon exceptions | jummy0 | opened | 9 years ago | 1
#29 | User doesn't need to be logged in to view user profiles. | jummy0 | closed | 9 years ago | 2
#28 | Upon logout, cookies are marked as expired, not deleted | jummy0 | closed | 9 years ago | 0
#27 | privacy.php and terms.php are unprofessional | jummy0 | closed | 9 years ago | 1
#26 | Potential bash injection threat | jummy0 | closed | 9 years ago | 2
#25 | Logout not killing Cookies | Geekman16 | closed | 9 years ago | 0
#24 | Video Length < 4 | BEASTLYMONKEY27 | closed | 9 years ago | 1
#23 | Should filesize be measured in MiB or MB? | jummy0 | closed | 9 years ago | 1
#22 | Do users have direct access to the raw video files? | jummy0 | closed | 9 years ago | 1
#21 | Uploaded files are only checked for filetype, not for file contents. | jummy0 | closed | 9 years ago | 3
#20 | Uploaded files are not checked for file type until after they're put into the permanent directory | jummy0 | closed | 9 years ago | 3