filling in multiple forms

  • may

No, but it is a field that I can manipulate directly by writing my own HTML form that posts to your site. And instead of "username" I could insert something like:

innerjoin select blaat.... #(original query is commented out)

This hacking method is called SQL injection. You should always check strings that are being supplied by forms (especially GETs, which show in the address bar) to see if the data format is correct.

;-)

  • Bogey

You can alter field(s) through a SELECT SQL? :shock:

Anyway, if there is any real reason to use GET for SQL things... you can try the following security measure:
Code:
mysql_real_escape_string($username);


:lol: I got much to learn haha

  • may

Have a look ;)
http://www.zeroict.nl/

  • neksus

I've seen those before. It's nothing I'd use, to be quite honest. When's the last time you saw a professional site encrypt their HTML? Trying to protect your precious picture? OH wait, here it is:
http://img229.imageshack.us/img229/8242/c4paranaae6.gif

  • may

You combine queries; hell, you can even solve a sudoku using SQL. Here is an article one of my colleagues wrote ;)
http://technology.amis.nl/blog/?p=2066

You can sure do a lot using SQL :)

  • may

Heheh lol :) PS: sorry for my intrusion, I'll be back messing with SMB :)

PS: that used to be a decent website... used to be :S

Good luck you two

  • neksus

Interesting read, may :)

  • simmondsjon

Sooo, any idea neksus on why it won't show? : )

  • neksus

If you view the source is anything being generated?

  • may

simmondsjon wrote:
sooo any idea neksus on why it wont show? : )


Maybe this might help you?

PHP Code:

<?php
/* Is the session needed? */
#session_start();

/* Note: the mysql_* extension used below was removed in PHP 7; on current PHP use mysqli or PDO instead */
$host="localhost:8889";
$username="root";
$password="root";
$db_name="MyDB";
$tbl_name="Module";

if(isset($_POST['ModuleCode']) || isset($_GET['ModuleCode'])){
    $ModuleCode = (isset($_POST['ModuleCode'])) ? $_POST['ModuleCode'] : $_GET['ModuleCode'];
}else{
    $ModuleCode = false;
}

/* We will first catch all the content, if all is well we just print the baby */
$content = "";
/* Check to see if we have a Post or Get */
if($ModuleCode){
    /* Checking the literal string: anchored, so the whole value must be CS followed by exactly three digits */
    $preg = '/^CS[0-9]{3}$/';
    /* was $preg_match(...): a call through an undefined variable, which is a fatal error */
    if(preg_match($preg, $ModuleCode)){
        if($link = @mysql_connect("$host", "$username", "$password")){
            if($ModuleCode = mysql_real_escape_string($ModuleCode, $link)){
                if(@mysql_select_db("$db_name", $link)){
                    $sql = "SELECT * FROM `Module` WHERE ModuleCode='$ModuleCode'";
                    if($result = @mysql_query($sql, $link)){
                        /* mysql_num_rows() takes the result, not the link; the original also had an unbalanced parenthesis here */
                        if(is_resource($result) && mysql_num_rows($result) > 0){
                            while($row = mysql_fetch_array($result)){
                                /* $row['x'] cannot be written directly inside a double-quoted string (parse error in the original);
                                   concatenate instead, and HTML-escape the values so database content cannot inject markup */
                                $content .= "<div>".htmlspecialchars($row['StudentNumber'])." => ".htmlspecialchars($row['ModuleCode'])."</div>\r\n";
                            }
                        }else{
                            $content .= "No results from database";
                        }
                    }else{
                        $content .= mysql_error($link)."<br>\r\n";
                        $content .= mysql_errno($link)."<br>\r\n";
                    }
                }else{
                    $content .= mysql_error($link)."<br>\r\n";
                    $content .= mysql_errno($link)."<br>\r\n";
                }
            }else{
                $content .= "Escape failed, connection to sqldb might be lost";
            }
        }else{
            $content .= "Couldn't connect to mysql";
        }
    }else{
        $content .= "Invalid characters found! Use CS<i>nnn</i> where n = number!";
    }
}else{
    $content .= "No ModuleCode received!";
}

if(!empty($content)){
    print($content);
}else{
    echo "Something went very wrong!";
}
exit;
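An added example (mine, not code posted in this thread) showing the lookup from may's script and the escaping Bogey mentioned done the other way round: the input is checked against an anchored pattern and then passed as a bound parameter, with the interpolated query beside it for comparison. It assumes PDO with the SQLite driver is available; the table name and columns follow the thread, the rows are made up.

```php
<?php
// Added example, not code from the thread: the same ModuleCode lookup with an
// anchored format check and a prepared statement, so the value never becomes
// part of the SQL text. Runs stand-alone on an in-memory SQLite database via
// PDO; the Module table and its rows below are constructed sample data.

function lookupModule(PDO $pdo, $moduleCode) {
    // Anchored: the whole value must be CS plus exactly three digits.
    // The thread's '/CS[0-9]{3,3}/' is unanchored and also matches "CS101' OR '1'='1".
    if (!preg_match('/^CS[0-9]{3}$/', $moduleCode)) {
        return null;  // reject bad input outright instead of trying to clean it
    }
    $stmt = $pdo->prepare('SELECT StudentNumber, ModuleCode FROM Module WHERE ModuleCode = :code');
    $stmt->execute([':code' => $moduleCode]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function lookupModuleInterpolated(PDO $pdo, $moduleCode) {
    // The string-building form from the thread, kept only for comparison.
    $sql = "SELECT StudentNumber, ModuleCode FROM Module WHERE ModuleCode='$moduleCode'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

function renderRows(array $rows) {
    // Escape on output as well: stored values must not become markup in the page.
    $html = '';
    foreach ($rows as $row) {
        $html .= '<div>' . htmlspecialchars($row['StudentNumber'], ENT_QUOTES, 'UTF-8')
               . ' => ' . htmlspecialchars($row['ModuleCode'], ENT_QUOTES, 'UTF-8') . "</div>\n";
    }
    return $html;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Module (StudentNumber TEXT, ModuleCode TEXT)');
$pdo->exec("INSERT INTO Module VALUES ('s100','CS101'), ('s200','CS101'), ('s300','CS202')");

$tainted = "CS101' OR '1'='1";
// Interpolated: the quote ends the literal and the OR makes the WHERE true for every row.
echo count(lookupModuleInterpolated($pdo, $tainted)) . " rows from the interpolated query\n";
// Validated + prepared: the tainted value is rejected before any SQL runs,
// and a well-formed code returns only its own rows.
echo (lookupModule($pdo, $tainted) === null ? "tainted value rejected" : "accepted") . "\n";
echo renderRows(lookupModule($pdo, 'CS101'));
```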

  • may

PS: lose the single quotes in `Module`; use

"SELECT * FROM Module WHERE ModuleCode='$ModuleCode'";

  • simmondsjon

Neksus, I have most of your code working now and I thank you an awful lot. I will comment more tomorrow as it's going past 2am and I'm shattered lol

May, your code won't show up in my browser and I have no idea why, but I thank you for your input.

Thanks all.

  • neksus

Wow may that's some pretty concrete error trapping.

  • may

While debugging it might be nice sometimes to see where the errors occur ;)
But thx :)

  • may

simmondsjon wrote:
Neksus, I have most of your code working now and I thank you an awful lot. I will comment more tomorrow as it's going past 2am and I'm shattered lol

May, your code won't show up in my browser and I have no idea why, but I thank you for your input.

Thanks all.


Check your php.ini; it prob has

error_reporting = E_ALL
in conjunction with
display_errors = Off

Change it to
display_errors = On

And change it back when you're done ;)

Also noticed:
mysql_select_db("$db_name"
It should be "mysql_select_db($db_name, $link)"

Regards,

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.