We require the services of a specialist PHP security expert to make some alterations to the existing code on our website, following a routine security scan.
The following areas have been identified:
- Cross Site Scripting - Recommendation: Scripts need to filter metacharacters from user input (29 affected files)
- CRLF injection/HTTP response splitting - Recommendation: You need to restrict CR(0x13) and LF(0x10) from the user input or properly encode the output in order to prevent the injection of custom HTTP headers. (1 affected file)
- Blind SQL Injection - Recommendation: You should filter metacharacters from user input (13 affected files)
- User credentials are sent in clear text (1 affected file)
- HTML form without CSRF protection (15 affected files)
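For reference, here is an added PHP illustration (not code from our site) of the hardened form of the four code-level findings above: output encoding for XSS, a CR/LF check before emitting a header, a bound parameter instead of string concatenation for SQL, and a per-session CSRF token. It assumes PDO and PHP sessions; the clear-text credentials finding is a transport (HTTPS) configuration matter and is not covered here.

```php
<?php
// Added illustration, not the site's code. Helper names, the PDO connection
// and the table layout are assumptions for the example.

// XSS: encode on output rather than trying to strip characters from input.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// CRLF / response splitting: refuse any header whose name or value carries
// a carriage return or line feed, instead of passing user input to header().
function safe_header(string $name, string $value): void {
    if (preg_match('/[\r\n]/', $name . $value)) {
        http_response_code(400);
        exit('Invalid header value');
    }
    header($name . ': ' . $value);
}

// Blind SQL injection: bind the user-supplied value; never concatenate it.
function find_user(PDO $db, string $login): ?array {
    $stmt = $db->prepare('SELECT id, login FROM users WHERE login = :login');
    $stmt->execute([':login' => $login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// CSRF: one random token per session, embedded in every form and checked
// with a constant-time comparison on every POST.
function csrf_token(): string {
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}
function csrf_check(): void {
    if (!hash_equals($_SESSION['csrf'] ?? '', $_POST['csrf'] ?? '')) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
}

// Usage sketch: a form that redirects to a user-chosen page on this site.
session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    csrf_check();
    $next = $_POST['next'] ?? '/';
    // Accept only a same-site relative path (no "//host" or "/\host"),
    // then emit the Location header through the CR/LF check.
    if (!preg_match('#^/[^/\\\\]#', $next)) { $next = '/'; }
    safe_header('Location', $next);
    exit;
}
echo '<form method="post"><input type="hidden" name="csrf" value="', h(csrf_token()), '">';
echo '<input type="text" name="next" value="', h($_GET['next'] ?? '/'), '">';
echo '<button>Continue</button></form>';
```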
We know the files where the vulnerabilities exist.
We will only consider working with freelancers who have good feedback on security-related web work.