Sign In
Create Account
Follow Us on Twitter
Subscribe on Youtube
3
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
Author: Reality Software
Website: http://www.realitysoftware.ca
Note: This is a free template released under the Creative Commons Attribution 3.0 license,
which means you can use it in any way you want provided you keep the link to the author
intact.
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<link href="style.css" rel="stylesheet" type="text/css" /></head>
<body>
<!-- header -->
<div id="header">
<div id="logo"><a href="index.html">Header</a></div>
<div id="menu">
<ul>
<li><a href="index.html">Home</a></li>
<li><a href="">Link 1</a></li>
<li><a href="">Link 2</a></li>
<li><a href="">Link 3</a></li>
<li><a href="">Contact</a></li>
<li><a href="guestbook.php">Guestbook</a></li>
</ul>
</div>
</div>
<div id="icon"><a href="twitter.com/">
<img border="0" src="http://www.000webhost.com/forum/images/twitter.png" alt="twitter"
width="58px;" height="53px;" />
</a></div>
<!--end header -->
<!-- main -->
<div id="main">
<div id="content">
<div id="text">
<h1><strong>Guestbook</strong></h1>
</div>
<?php
function hackerDefense(){
// begin hacker defense
foreach ($_POST as $secvalue) {
if ((eregi("<[^>]*script.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*window.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*document.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*cookie.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*alert.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*php.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*]*>", $secvalue))) {
die ("There was a problem with your post. Please do not include
code.");
}
}
// end hacker defense
}
function clean($input) {
//remove whitespace...
$input = trim($input);
//disable magic quotes...
$input = get_magic_quotes_gpc() ? stripslashes($input) : $input;
//prevent sql injection...
$input = is_numeric($input) ? intval($input) : mysql_real_escape_string($input);
//prevent xss...
$input = htmlspecialchars($input);
return $inp
}
$mysql_host = "mysql17.000webhost.com";
$mysql_database = "a7560006_guest";
$mysql_user = "a7560006_host";
$mysql_password = "lucky1995";
// Connect to server and select database.
mysql_connect("$mysql_host", "$mysql_user", "$mysql_password") or die("cannot connect
server");
mysql_select_db("$mysql_database") or die("cannot select DB");
$tbl_name="guestbook"; // Table name
$name = mysql_real_escape_string clean($_POST['name']);
$comment = mysql_real_escape_string clean($_POST['comment']);
$comment = stripslashes($comment);
$name = stripslashes($name);
$comment = str_replace("<","<",$comment);
$name = str_replace("<","<",$name);
$datetime=date("M-d-Y h:i:s A"); //date time
$verif_box = mysql_real_escape_string clean($_POST['verif_box']);
if(md5($verif_box).'a4xn' != $_COOKIE['tntcon']){ ?>
<table width="400" border="0" align="center">
<tr><td align="center"><h4>You have not entered captcha or entered incorrect
captcha!</h4></td></tr>
</table>
</div>
<!-- footer -->
<div id="footer">
<div id="left_footer">© Copyright 2011<strong> Author </strong></div>
<div id="right_footer">
<!-- Please do not change or delete this link. Read the license! Thanks. :-) -->
Design by <a href="http://www.realitysoftware.ca" title="Website Design">Reality
Software</a>
</div>
</div>
<!-- end footer -->
</div>
<!-- end main -->
</body>
</html>
<?
exit;
}
if(empty($name) || empty($comment)) { ?>
<table width="400" border="0" align="center">
<tr><td align="center"><h3>Sorry, all fields are required!</h3></td></tr>
</table>
<?
} else {
$sql="INSERT INTO $tbl_name (name, comment, datetime) VALUES ('$name', '$comment',
'$datetime')";
$result=mysql_query($sql);
//check if query successful
if($result) { ?>
<table width="400" border="0" align="center">
<tr><td align="center"><h3>Thank you for signing my guestbook!</h3></td></tr>
</table>
<?
echo "<meta http-equiv='Refresh' content='1; URL=viewguestbook.php'>"; // link to view
guestbook page
} else {
echo "ERROR";
}
mysql_close();
}
?>
</div>
<!-- footer -->
<div id="footer">
<div id="left_footer">© Copyright 2011<strong> Author </strong></div>
<div id="right_footer">
<!-- Please do not change or delete this link. Read the license! Thanks. :-) -->
Design by <a href="http://www.realitysoftware.ca" title="Website Design">Reality
Software</a>
</div>
</div>
<!-- end footer -->
</div>
<!-- end main -->
</body>
</html>
4 replies to this topic
#1
Posted 15 November 2011 - 07:30 PM
hoku_2000 _99
-
- Members
-
- 67 posts
Learning Programmer
I am a beginner when it comes to using injections. If someone could please check over my mysql injections, html injections, xss injections?
Back to top|
|
|
#2
Posted 16 November 2011 - 10:05 AM
WingedPanther
-
- Moderators
-
- 16,831 posts
A spammer's worst nightmare
- Location:Upstate, South Carolina
- Programming Language:C, C++, PL/SQL, Delphi/Object Pascal, Pascal, Transact-SQL, Others
- Learning:Java, C#, PHP, JavaScript, Lisp, Fortran, Haskell, Others
The goal is not to use them, but to prevent them. What are you trying to accomplish?
#3
Posted 16 November 2011 - 12:46 PM
SoN9ne
-
- Members
-
- 129 posts
Programmer
You want to prevent the injections...
You should use mysql_real_escape_string() in combination of string sanization to prevent sql injection.
This is an example of a way to sanitize a string.
I see you use mysql_real_escape_string() with a clean method but it looks like the shown code will not work and will throw an error.
Also, eregi has been depricated as of PHP 5.3.
this:
Also, look into using prepared statements as this will automagically prevent injections.
You should use mysql_real_escape_string() in combination of string sanization to prevent sql injection.
This is an example of a way to sanitize a string.
/**
* Sanitizes the string
* - All strings are forced to UTF-8 encoding
* @param string $string
*/
function sanitizeString($string) {
return htmlentities( (string) $string, ENT_COMPAT, "UTF-8" );
}
I see you use mysql_real_escape_string() with a clean method but it looks like the shown code will not work and will throw an error.
Also, eregi has been depricated as of PHP 5.3.
this:
$comment = stripslashes($comment);
$name = stripslashes($name);
$comment = str_replace("<","<",$comment);
$name = str_replace("<","<",$name);
seems to not be necessary as it looks like this is only to prevent injections. Also, look into using prepared statements as this will automagically prevent injections.
"Life would be so much easier if we only had the source code."
#4
Posted 16 November 2011 - 02:05 PM
wcypierre
-
- Members
-
- 10 posts
Newbie
$input = is_numeric($input) ? intval($input) : mysql_real_escape_string($input);It should be done when it runs the query though, and if its not integer then it'll give out an error due to the fact that there's no mysql_connect being called.
#5
Posted 16 November 2011 - 05:11 PM
hoku_2000 _99
-
- Members
-
- 67 posts
Learning Programmer
I am trying to accomplish guest spamming my guestbook, cross scripting, and guest putting in html.
---------- Post added at 07:11 PM ---------- Previous post was at 06:24 PM ----------
I've update my code after reading a few tutorials. Am I on the right track?
---------- Post added at 07:11 PM ---------- Previous post was at 06:24 PM ----------
I've update my code after reading a few tutorials. Am I on the right track?
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
Author: Reality Software
Website: http://www.realitysoftware.ca
Note: This is a free template released under the Creative Commons Attribution 3.0 license,
which means you can use it in any way you want provided you keep the link to the author intact.
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<link href="style.css" rel="stylesheet" type="text/css" /></head>
<body>
<!-- header -->
<div id="header">
<div id="logo"><a href="index.html">Header</a></div>
<div id="menu">
<ul>
<li><a href="index.html">Home</a></li>
<li><a href="">Link 1</a></li>
<li><a href="">Link 2</a></li>
<li><a href="">Link 3</a></li>
<li><a href="">Contact</a></li>
<li><a href="guestbook.php">Guestbook</a></li>
</ul>
</div>
</div>
<div id="icon"><a href="twitter.com/">
<img border="0" src="http://www.000webhost.com/forum/images/twitter.png" alt="twitter" width="58px;" height="53px;" />
</a></div>
<!--end header -->
<!-- main -->
<div id="main">
<div id="content">
<div id="text">
<h1><strong>Guestbook</strong></h1>
</div>
<?php
$input = is_numeric($input) ? intval($input) : mysql_real_escape_string($input);[COLOR=#000000][COLOR=#007700]function [/COLOR][COLOR=#0000BB]sanitizeString[/COLOR][COLOR=#007700]([/COLOR][COLOR=#0000BB]$string[/COLOR][COLOR=#007700]) {
return [/COLOR][COLOR=#0000BB]htmlentities[/COLOR][COLOR=#007700]( (string) [/COLOR][COLOR=#0000BB]$string[/COLOR][COLOR=#007700], [/COLOR][COLOR=#0000BB]ENT_COMPAT[/COLOR][COLOR=#007700], [/COLOR][COLOR=#DD0000]"UTF-8" [/COLOR][COLOR=#007700]);
} [/COLOR][/COLOR]
$preparedStatement = $db->prepare('SELECT * FROM guestbook WHERE name = :name');
$preparedStatement->execute(array(':name' => $name));
$rows = $preparedStatement->fetchAll();
$mysql_host = "localhost";
$mysql_database = "a7560006_guest";
$mysql_user = "a7560006_host";
$mysql_password = "mypassword";
// Connect to server and select database.
mysql_connect("$mysql_host", "$mysql_user", "$mysql_password") or die("cannot connect server");
mysql_select_db("$mysql_database") or die("cannot select DB");
$tbl_name="guestbook"; // Table name
$name = ($_POST['name']);
$comment = ($_POST['comment']);
$comment = stripslashes($comment);
$name = stripslashes($name);
$comment = str_replace("<","<",$comment);
$name = str_replace("<","<",$name);
$datetime=date("M-d-Y h:i:s A"); //date time
$verif_box = ($_POST['verif_box']);
if(md5($verif_box).'a4xn' != $_COOKIE['tntcon']){ ?>
<table width="400" border="0" align="center">
<tr><td align="center"><h4>You have not entered captcha or entered incorrect captcha!</h4></td></tr>
</table>
</div>
<!-- footer -->
<div id="footer">
<div id="left_footer">© Copyright 2011<strong> Author </strong></div>
<div id="right_footer">
<!-- Please do not change or delete this link. Read the license! Thanks. :-) -->
Design by <a href="http://www.realitysoftware.ca" title="Website Design">Reality Software</a>
</div>
</div>
<!-- end footer -->
</div>
<!-- end main -->
</body>
</html>
<?
exit;
}
if(empty($name) || empty($comment)) { ?>
<table width="400" border="0" align="center">
<tr><td align="center"><h3>Sorry, all fields are required!</h3></td></tr>
</table>
<?
} else {
$sql="INSERT INTO $tbl_name (name, comment, datetime) VALUES ('$name', '$comment', '$datetime')";
$result=mysql_query($sql);
//check if query successful
if($result) { ?>
<table width="400" border="0" align="center">
<tr><td align="center"><h3>Thank you for signing my guestbook!</h3></td></tr>
</table>
<?
echo "<meta http-equiv='Refresh' content='1; URL=viewguestbook.php'>"; // link to view guestbook page
} else {
echo "ERROR";
}
mysql_close();
}
?>
</div>
<!-- footer -->
<div id="footer">
<div id="left_footer">© Copyright 2011<strong> Author </strong></div>
<div id="right_footer">
<!-- Please do not change or delete this link. Read the license! Thanks. :-) -->
Design by <a href="http://www.realitysoftware.ca" title="Website Design">Reality Software</a>
</div>
</div>
<!-- end footer -->
</div>
<!-- end main -->
</body>
</html>
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
