Intro to CakePHP for Bug Hunters

A short guide to help you fast track your hunt

Chris Lyne
Jun 12, 2019 · 8 min read

Introduction

Framework Overview

[Figure] Source: CakePHP Request Cycle

Application Routes

[Figure] ArticlesController will handle /Articles

Router::connect(
    '/Articles',
    array('controller' => 'MyArticles', 'action' => 'index')
);

[Figure] Custom route into MyArticlesController

bin/cake routes
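An added example, not code from the original post: a CakePHP 3 config/routes.php that carries the custom route from above next to the fallback routes most applications keep. The controller names are illustrative; the point is that an explicit route list is not the full set of reachable endpoints.

```php
<?php
// config/routes.php (added example; controller names are illustrative)
use Cake\Routing\RouteBuilder;
use Cake\Routing\Router;
use Cake\Routing\Route\DashedRoute;

Router::defaultRouteClass(DashedRoute::class);

Router::scope('/', function (RouteBuilder $routes) {
    // Explicit route: /articles is served by MyArticlesController::index(),
    // not by ArticlesController as the naming convention would suggest.
    $routes->connect('/articles', ['controller' => 'MyArticles', 'action' => 'index']);

    // Fallback routes: /{controller}/{action}/{args...} dispatches to any
    // public method of any controller that has no explicit route of its own.
    // When reviewing an app, every public controller method is therefore an
    // endpoint until these fallbacks are removed or narrowed.
    $routes->fallbacks(DashedRoute::class);
});
```

bin/cake routes prints the explicit connections; with fallbacks in place, the controller classes under src/Controller are the more complete inventory of what a request can reach.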

Controller

[Figure] Update Action in ArticlesController

class ArticlesController extends AppController
{
    public function update()
    {
        // some logic
    }
}

use Cake\Event\Event;

class UsersController extends AppController
{
    public function beforeFilter(Event $event)
    {
        parent::beforeFilter($event);
        $this->Auth->allow('add'); // no auth required to add!
    }

    public function add()
    {
        // pre-auth functionality
    }
}
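An added example, not from the original post: how AuthComponent is wired in AppController and how allow()/deny() in a child controller decide which actions are reachable without a logged-in user. Class, field and action names are illustrative; both classes are shown in one file only for brevity.

```php
<?php
// Added example: AppController wires AuthComponent, UsersController opens
// specific actions. Names are illustrative, not from the original post.
namespace App\Controller;

use Cake\Controller\Controller;
use Cake\Event\Event;

class AppController extends Controller
{
    public function initialize()
    {
        parent::initialize();
        // Once Auth is loaded, every action in every controller requires an
        // authenticated user unless a controller explicitly allow()s it.
        $this->loadComponent('Auth', [
            'authenticate' => [
                'Form' => ['fields' => ['username' => 'email', 'password' => 'password']],
            ],
            'loginAction' => ['controller' => 'Users', 'action' => 'login'],
        ]);
    }
}

class UsersController extends AppController
{
    public function beforeFilter(Event $event)
    {
        parent::beforeFilter($event);

        // Only these two actions are reachable without a session.
        $this->Auth->allow(['add', 'login']);

        // Pitfall to look for in review: allow() with no argument (or null)
        // allows EVERY action in the controller, including ones added later.
        // deny() reverses an earlier allow() for the listed actions.
        // $this->Auth->allow();          // opens the whole controller
        // $this->Auth->deny(['delete']); // closes one action again
    }

    public function login()
    {
        if ($this->request->is('post')) {
            $user = $this->Auth->identify(); // false when credentials fail
            if ($user) {
                $this->Auth->setUser($user);
                return $this->redirect($this->Auth->redirectUrl());
            }
        }
    }

    public function add()
    {
        // pre-auth functionality: reachable by anyone because of allow() above
    }
}
```

When auditing, read every beforeFilter() for allow() calls and check whether the parent's allow() list is inherited: a controller that extends another controller inherits that controller's allow() calls through parent::beforeFilter().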

HTTP Requests

$this->request->getQuery('id');            // $_GET['id']
$this->request->getData('token');          // $_POST['token']
$this->request->env('SERVER_NAME');        // $_SERVER['SERVER_NAME']
$this->request->getHeaderLine('referer');  // $_SERVER['HTTP_REFERER']
$this->request->getCookie('sid');          // $_COOKIE['sid']

$id = $this->getRequest()->getSession()->read('User.id');
$this->getRequest()->getSession()->write('User.twitter', '@lynerc');

Model

[Figure] Model Directory Structure

$name = $this->request->getQuery('name');
// $name is interpolated into the SQL string unescaped
$query = "SELECT * FROM articles WHERE name='$name'";
$connection->execute($query)->fetchAll('assoc');
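An added example, not from the original post: the raw string query from above placed beside two safe equivalents that use CakePHP's own APIs. It assumes a CakePHP 3 application with a "default" datasource and an articles table; the controller and action names are illustrative.

```php
<?php
// Added example (not from the original post): raw SQL string vs. bound
// parameters vs. ORM conditions. Assumes a "default" datasource and an
// Articles table; names are illustrative.
namespace App\Controller;

use Cake\Datasource\ConnectionManager;

class ArticlesController extends AppController
{
    public function search()
    {
        $name = $this->request->getQuery('name');
        $connection = ConnectionManager::get('default');

        // 1. Vulnerable: $name becomes part of the SQL text. A single quote in
        //    the value ends the string literal and the remainder is parsed as
        //    SQL, so the user controls the statement, not just the data.
        $unsafe = "SELECT * FROM articles WHERE name='$name'";
        // $rows = $connection->execute($unsafe)->fetchAll('assoc');

        // 2. Safe, same Connection API: bind $name as a named parameter. The
        //    value travels separately from the SQL and can never alter it.
        $rows = $connection
            ->execute('SELECT * FROM articles WHERE name = :name', ['name' => $name])
            ->fetchAll('assoc');

        // 3. Safe, ORM: array conditions are bound by the query builder.
        //    Note that a STRING condition such as where("name = '$name'")
        //    is passed through raw and is as unsafe as case 1.
        $articles = $this->Articles->find()
            ->where(['name' => $name])
            ->toArray();

        $this->set(compact('rows', 'articles'));
    }
}
```

When reviewing model or controller code, the pattern to search for is a double-quoted string containing a $variable that is later handed to execute(), query(), where() or order() as a string rather than as an array or a bound parameter.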

View

[Figure] View Template Directory Structure

<?php foreach ($mylist as $item): ?>
<li><?= $item ?></li>
<?php endforeach; ?>

$this->set('color', 'light blue');
The sky is <?= h($color) ?>.

In the first template each $item is echoed exactly as stored; in the second, h() HTML-encodes $color before it reaches the page.
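An added check, not from the original post and not part of CakePHP: a small PHP script that walks a template directory and flags short-echo tags whose expression is not wrapped in h(). The sample template it writes to a temporary directory is constructed here so the script runs on its own; the matching is deliberately crude and is a starting point for manual review, not a proof that a template is safe.

```php
<?php
// Added audit script (hypothetical, not from the original post or CakePHP):
// flags "<?=" tags in templates whose expression is not wrapped in h().
declare(strict_types=1);

/**
 * Return [lineNumber => lineText] for every line of $template containing a
 * short-echo tag whose expression does not start with h(.
 */
function findUnescapedEchos(string $template): array
{
    $hits = [];
    foreach (explode("\n", $template) as $i => $line) {
        // Capture the expression of each short-echo tag up to its closing tag.
        if (!preg_match_all('/<\?=\s*(.*?)\s*\?>/', $line, $m)) {
            continue;
        }
        foreach ($m[1] as $expr) {
            if (!preg_match('/^h\s*\(/', $expr)) {
                $hits[$i + 1] = trim($line);
                break;
            }
        }
    }
    return $hits;
}

/** Walk $dir recursively and audit every .ctp / .php template found. */
function auditDirectory(string $dir): array
{
    $report = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if (!preg_match('/\.(ctp|php)$/', $file->getFilename())) {
            continue;
        }
        $hits = findUnescapedEchos((string) file_get_contents($file->getPathname()));
        if ($hits) {
            $report[$file->getPathname()] = $hits;
        }
    }
    return $report;
}

// Constructed sample template so the script runs without a CakePHP app.
// Single quotes keep $item / $color literal; only line 2 should be flagged.
$tmp = sys_get_temp_dir() . '/cake_audit_' . getmypid();
mkdir($tmp . '/Articles', 0700, true);
$sample = $tmp . '/Articles/index.ctp';
file_put_contents($sample, implode("\n", [
    '<?php foreach ($mylist as $item): ?>',
    '<li><?= $item ?></li>',
    '<?php endforeach; ?>',
    'The sky is <?= h($color) ?>.',
]));

foreach (auditDirectory($tmp) as $path => $hits) {
    foreach ($hits as $lineNo => $text) {
        printf("%s:%d  %s\n", $path, $lineNo, $text);
    }
}

// Clean up the constructed sample.
unlink($sample);
rmdir($tmp . '/Articles');
rmdir($tmp);
```

Point the auditDirectory() call at src/Template of a real application to use it. Expect false positives for helper output such as $this->Html->link(), which escapes by default, and false negatives for values echoed through echo or printf; both need a manual look.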

Middleware

[Figure] Source: CakePHP Middleware

Security

Conclusion


Chris Lyne

Written by

Chris is a security researcher at Tenable, focused on finding 0-day vulnerabilities. He is a former developer and aims to make the cyber world more secure.

Tenable TechBlog

Learn how Tenable finds new vulnerabilities and writes the software to help you find them
