PHP injection
Started by zeroradius, Sep 22 2009 02:40 PM
5 replies to this topic
#1
Posted 22 September 2009 - 02:40 PM
Hey guys,
How do you perform a PHP/MySQL injection attack? Also, any other type of attack that can be prevented by the PROGRAMMER of the website?
Does strip_tags() work against injections, or is there a different technique that should be applied?
Thanks,
~ Zero
#2
Posted 22 September 2009 - 02:52 PM
Yo homie, I heard you like one-line codes, so I put a one-line code that evals a decrypted one-line code that prints "i love one line codes":
eval(base64_decode("cHJpbnQgJ2kgbG92ZSBvbmUtbGluZSBjb2Rlcyc7"));
www.amrosama.com | the unholy methods of javascript
#3
Guest_Jordan_*
Posted 22 September 2009 - 03:30 PM
strip_tags() will prevent JavaScript Injection also called Cross Site Scripting (XSS). There are other methods aside from strip_tags().
As the function Amr pointed out does, you need to escape the string to prevent SQL injection. This is how it works:
If you have this query:
SELECT * FROM users WHERE name='$username' AND pass='$password';
which will validate users for login, a user could inject SQL by adding a ' and an OR to the SQL (by passing it as pass):
' OR '1'='1
So the QUERY in your PHP would look like this:
SELECT * FROM users WHERE name='known_user' AND pass='' OR '1'='1';
Since 1 always equals 1, the user will be logged in as "known_user". This is mild; they could delete your entire database. Any data passed by the user is considered "tainted" and should be cleaned. If you are using MySQL, use the function Amr posted above. MySQLi has its own function, and there is also addslashes() for other DBs. These functions all do a similar thing, which is escape characters in strings such as '. After using said functions, the SQL above will look like this:
SELECT * FROM users WHERE name='known_user' AND pass='\' OR \'1\'=\'1';
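The three stages Jordan walks through (raw interpolation, escaping, and the safer alternative of binding parameters) as one added example; this is not code from the thread. It assumes a MySQL table users(name, pass) and placeholder connection credentials, and uses mysqli because the old mysql_* functions Amr's post refers to were removed in PHP 7.

```php
<?php
// Added example for this thread, not the posters' own code.
// Assumes a table users(name, pass); credentials below are placeholders.
$username = 'known_user';
$password = "' OR '1'='1";   // the constructed input from Jordan's post

// 1) Vulnerable: the value is pasted straight into the SQL text, so the
//    attacker's quote closes the literal and the OR becomes part of the query.
function vulnerableQuery(string $u, string $p): string
{
    return "SELECT * FROM users WHERE name='$u' AND pass='$p';";
}

// 2) Escaped: every ' becomes \' so the whole value stays inside the literal.
//    Correct only if the connection charset is set; see set_charset() below.
function escapedQuery(mysqli $db, string $u, string $p): string
{
    $u = $db->real_escape_string($u);
    $p = $db->real_escape_string($p);
    return "SELECT * FROM users WHERE name='$u' AND pass='$p';";
}

// 3) Preferred: a prepared statement sends the SQL and the data separately,
//    so there is no string to escape and no quote to break out of.
function loginSucceeds(mysqli $db, string $u, string $p): bool
{
    $stmt = $db->prepare('SELECT 1 FROM users WHERE name = ? AND pass = ?');
    $stmt->bind_param('ss', $u, $p);   // both values bound as strings
    $stmt->execute();
    $stmt->store_result();
    $found = $stmt->num_rows > 0;
    $stmt->close();
    return $found;
}

// Shows the broken query from the post being built from the tainted input.
echo vulnerableQuery($username, $password), PHP_EOL;

$db = new mysqli('localhost', 'app_user', 'placeholder', 'app_db');
$db->set_charset('utf8mb4');   // real_escape_string depends on this

// Shows the escaped form; the injected text is now just a (wrong) password.
echo escapedQuery($db, $username, $password), PHP_EOL;

// With parameters bound, the injected string is compared literally and fails.
var_dump(loginSucceeds($db, $username, $password));
```

The escaping in step 2 still leaves the query correct only for quoted string literals; a value dropped into a numeric position or an identifier is not protected by it, which is why step 3 is the form to use for new code.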
#4
Posted 22 September 2009 - 04:55 PM
You may want to check my fourth tutorial in the PHP section as well.
#5
Posted 23 September 2009 - 08:36 AM
zeroradius said:
Hey guys,
How do you perform a php/Mysql injection attack?
zeroradius said:
Also any other type of attack that can be prevented by the PROGRAMMER of the website.
#6
Posted 23 September 2009 - 08:58 AM
I'm extremely happy that mysql_real_escape_string is how you prevent them. I built my site using that on all the input so that users could post words like "I'm" without breaking the page, so I don't have to go add new functions to an insane number of input fields.
I will look into the other attack forms and find ways to protect against them.
Thanks for the help everyone,
Zero