ch1zra, posted May 24, 2009
So, I have this:

$cxn = @mysql_connect("$host", "$user", "$pass") or die($diemsg);
@mysql_select_db("$dbname", $cxn);

Everything is defined, of course, but some guy pinged me, like, take a look at this: http://ch1zra.com/mirc/index.php?display=S...t+all+1,2,3,4-- and it lists some minor crap there (I've never been interested in injection, so I don't know exactly what it lists; I figure it's the number of columns in the given table, and so on). Anyway, as far as I managed to google, @mysql_connect and @mysql_select_db should solve that problem, but alas.. it doesn't :P So, do you have any idea what I should do? :) It's not that I keep any important data in those tables, but still, I don't want anyone to be able to mess around in there.
Whoever's a nub, don't be his friend. I mean you harm.
dzontra.volta, posted May 24, 2009
http://www.phearless.org/i4/TINY_phile_abo..._injections.txt
http://www.phearless.org/i1/SQL_Injection.txt
(The second one was written by de1, so he may be of great help to you :])
dvnityCker, posted May 24, 2009
Every database query whose parts are user-generated you have to pass through the function mysql_real_escape_string to protect yourself from getting hacked. That function is reliable protection against abuse. MySQL injection happens when an unsanitized query is run against the database. Say you have code that does a selection based on some user choice:

$id = $_GET['id'];
$result = mysql_query("SELECT * FROM admin WHERE id = $id");

This query is unsafe because instead of the id, in GET I can put the following code, say: 1; DROP TABLE admin, and the following query gets executed for you:

$result = mysql_query("SELECT * FROM admin WHERE id =1; DROP TABLE admin");

The people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same way in any country.
ch1zra (author), posted May 24, 2009 (edited)
ok... something is still messing with me :D Just a quick heads up if you can: where and how do I put the escape?

$diemsg = "An error occurred while trying to retrieve data. Please try again later.";
$cxn = @mysql_connect("$host", "$user", "$pass") or die($diemsg);
@mysql_select_db("$dbname", $cxn);
$SnippetID = $_GET['SnippetID'];
if (isset($SnippetID)) {
    $query = "select * from snippets where id = " . $SnippetID;
    $result = mysql_query($query) or die("Can't find requested snippet.");
    while ($row = mysql_fetch_assoc($result)) {
        extract($row);
        echo "<div class=\"top\">";
        echo "<div align=\"right\" style=\"color: #000000\">..:: \$snippets >> " . $snipname . "</div>";
        $cnt = str_replace(" />", ">", html_entity_decode($description, ENT_QUOTES));
        echo "<div class=\"down\">";
        echo $cnt;
        echo "<br><br>";
        echo "<form name=\"snippet\" action=\"none\"><textarea name=\"snippet\" readonly style=\"color:#000000;background-color:#CCCCCC;\" onClick=\"javascript:this.form.snippet.focus();this.form.snippet.select();\" cols=\"70\" rows=\"10\">" . $snip . "</textarea></form>";
        echo "<hr width=\"600\"><div align=\"right\"><a href=\"index.php?display=Snippets\">Back to all \$snippets</a></div></div></div>";
    }
}

//edit: a bit of a crude variant, but I managed to get something done.. I put in:

if (isset($SnippetID)) {
    if (!ctype_alnum($SnippetID)) {
        die("bad user input, gtfo!");
    }
    // ... the rest of the block stays as above
}

Edited May 24, 2009 by ch1zra
dzontra.volta, posted May 24, 2009
That should be it.
dvnityCker, posted May 24, 2009
instead of:

$SnippetID = $_GET['SnippetID'];

put:

$SnippetID = mysql_real_escape_string($_GET['SnippetID']);
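An added example, not code from ch1zra's page or from the replies above, showing where the check belongs in the snippet page and what it should be. The page compares an unquoted number (where id = $SnippetID), and mysql_real_escape_string only neutralises quote and backslash characters, so on its own it does not stop text such as "1 OR 1=1" in that position; ch1zra's ctype_alnum check is closer to what this column needs. The version below validates the id as a positive integer and only then builds the query. It assumes PHP 7.1 or later and the same snippets table as the thread; the function names are mine.

```php
<?php
// Added example (not code from the thread): validate a numeric id before it
// can reach the query. Assumes PHP 7.1+ and ch1zra's snippets table.

// Returns the id as a positive int, or null when the request value is not one.
// FILTER_VALIDATE_INT refuses anything that is not a plain integer string, so
// "12 UNION SELECT 1,2,3,4--" or "1 OR 1=1" are rejected rather than escaped.
// Escaping (mysql_real_escape_string) only handles quotes and backslashes,
// which never appear in those inputs, so for an UNQUOTED numeric comparison
// validation plus an int cast is the control that actually works.
function snippet_id_from_request(array $get): ?int
{
    if (!isset($get['SnippetID'])) {
        return null;
    }
    $id = filter_var($get['SnippetID'], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    return ($id === false) ? null : $id;
}

// The query is built only from an already validated int, so the concatenation
// cannot carry SQL syntax.
function snippet_query(int $id): string
{
    return 'SELECT id, snipname, description, snip FROM snippets WHERE id = ' . $id;
}

// Page flow, mirroring the original structure with the check placed in front of
// the database call. Bad input gets a plain 404 for the visitor; the detail goes
// to the server log, where it is useful for spotting probing attempts.
$snippetId = snippet_id_from_request($_GET);
if ($snippetId === null) {
    http_response_code(404);
    error_log('snippet page: rejected SnippetID ' . var_export($_GET['SnippetID'] ?? null, true));
    exit('Snippet not found.');
}
$query = snippet_query($snippetId);
// From here on the original code continues unchanged:
// $result = mysql_query($query) or die("Can't find requested snippet.");
```

Escaping is still the right tool for values that do go inside quotes (a search string, a name); for a column that is a number, cast it and reject everything else.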
ch1zra (author), posted May 24, 2009
thank you :)
Trooper, posted May 24, 2009
also, the way this should actually be done: http://dev.mysql.com/tech-resources/articl...statements.html
dvnityCker, posted May 25, 2009
^ I agree, but a lot of (free) hosts don't have the new MySQL, or don't have mysqli enabled.
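An added example, not code from the thread or from the MySQL article Trooper linked, of the prepared-statement approach the last two posts discuss, done through PDO so that it does not depend on mysqli being enabled (PDO with the pdo_mysql driver is the usual alternative on such hosts). To run offline it uses an in-memory SQLite database, which is an assumption of this example; on the real site you would swap the DSN for a mysql: one and keep the rest. The constructed sample rows stand in for ch1zra's snippets table.

```php
<?php
// Added example (not the thread's code): the snippet lookup with a prepared
// statement, next to the concatenated form from the original page.
// Assumes the pdo_sqlite extension for the offline demo.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Constructed sample data standing in for the snippets table.
    $db->exec('CREATE TABLE snippets (id INTEGER PRIMARY KEY, snipname TEXT, snip TEXT)');
    $db->exec("INSERT INTO snippets VALUES (1, 'hello', 'echo 1;'), (2, 'private', 'internal')");
    return $db;
}

// Concatenation, as in the original snippet page: whatever arrives in the
// request becomes part of the SQL text, so it can change the query's meaning.
function rows_concatenated(PDO $db, string $snippetId): array
{
    $sql = 'SELECT id, snipname FROM snippets WHERE id = ' . $snippetId;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the SQL is fixed at prepare() time and the request value
// is only ever a parameter. The mysqli equivalent is
//   $stmt = $mysqli->prepare('SELECT ... WHERE id = ?'); $stmt->bind_param('i', $id);
function rows_prepared(PDO $db, string $snippetId): array
{
    $stmt = $db->prepare('SELECT id, snipname FROM snippets WHERE id = ?');
    $stmt->execute([$snippetId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = open_demo_db();
$normal   = '1';
$tampered = '1 OR 1=1';   // constructed, the kind of value the URL in the first post carries

printf("concatenated, normal:   %d row(s)\n", count(rows_concatenated($db, $normal)));
printf("concatenated, tampered: %d row(s)\n", count(rows_concatenated($db, $tampered)));
printf("prepared, normal:       %d row(s)\n", count(rows_prepared($db, $normal)));
printf("prepared, tampered:     %d row(s)\n", count(rows_prepared($db, $tampered)));
```

Running it, the concatenated variant hands back the whole table for the tampered value, because the OR became part of the WHERE clause, while the prepared variant treats the same text as a single value to compare against id and never widens the result (SQLite matches nothing; MySQL coerces the string to its leading number and returns at most that one row, with a warning). Combining this with integer validation of the id, as in the earlier example, gives both a correct query and a clean rejection of junk input.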