
hoku_2000 _99

Member Since 13 Feb 2009
Offline Last Active Nov 21 2011 07:22 PM
-----

Topics I've Started

Injections

15 November 2011 - 07:30 PM

I am a beginner when it comes to using injections. Could someone please check over my MySQL injections, HTML injections and XSS injections?


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- 
Author: Reality Software 
Website: http://www.realitysoftware.ca 
Note: This is a free template released under the Creative Commons Attribution 3.0 license,  
which means you can use it in any way you want provided you keep the link to the author intact. 
--> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
<title></title> 
<link href="style.css" rel="stylesheet" type="text/css" /></head> 
<body> 
 
 
    <!-- header --> 
    <div id="header"> 
        <div id="logo"><a href="index.html">Header</a></div> 
        <div id="menu"> 
            <ul> 
            <li><a href="index.html">Home</a></li> 
            <li><a href="">Link 1</a></li> 
            <li><a href="">Link 2</a></li> 
            <li><a href="">Link 3</a></li> 
            <li><a href="">Contact</a></li> 
        <li><a href="guestbook.php">Guestbook</a></li> 
                  </ul>    
  </div> 
</div>
<div id="icon"><a href="twitter.com/"> 
<img border="0" src="http://www.000webhost.com/forum/images/twitter.png" alt="twitter" width="58px;" height="53px;" /> 
</a></div> 

    <!--end header --> 
    <!-- main --> 
    <div id="main"> 
    <div id="content">   
  
  
 <div id="text"> 
                <h1><strong>Guestbook</strong></h1> 
</div> 
 
<?php   

function hackerDefense(){
    // begin hacker defense 
    foreach ($_POST as $secvalue) {
        if ((eregi("<[^>]*script.*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*object.*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*iframe.*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*applet.*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*window.*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*document.*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*cookie.*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*meta.*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*style.*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*alert.*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*form.*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*php.*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*]*>", $secvalue))) {
            die ("There was a problem with your post. Please do not include code.");
        }
    }
    // end hacker defense
}

function clean($input) {
    // remove surrounding whitespace...
    $input = trim($input);
    // undo magic quotes so the value is not escaped twice...
    $input = get_magic_quotes_gpc() ? stripslashes($input) : $input;
    // prevent sql injection (mysql_real_escape_string needs the connection opened below)...
    $input = is_numeric($input) ? intval($input) : mysql_real_escape_string($input);
    // prevent xss...
    $input = htmlspecialchars($input);
    return $input;
}

$mysql_host = "mysql17.000webhost.com";
$mysql_database = "a7560006_guest";
$mysql_user = "a7560006_host";
$mysql_password = "lucky1995";
 
// Connect to server and select database.
mysql_connect("$mysql_host", "$mysql_user", "$mysql_password") or die("cannot connect server");
mysql_select_db("$mysql_database") or die("cannot select DB");

$tbl_name="guestbook"; // Table name 
 
$name = clean($_POST['name']);       // clean() already applies mysql_real_escape_string and htmlspecialchars
$comment = clean($_POST['comment']); 
  
// do not call stripslashes() on these values: it would undo the escaping clean() applied
 
$datetime=date("M-d-Y h:i:s A"); //date time   
$verif_box = clean($_POST['verif_box']);   
  
if(md5($verif_box).'a4xn' != $_COOKIE['tntcon']){ ?> 
<table width="400" border="0" align="center">    
<tr><td align="center"><h4>You have not entered captcha or entered incorrect captcha!</h4></td></tr>      
</table>  
        
</div>  
     <!-- footer --> 
    <div id="footer"> 
    <div id="left_footer">© Copyright 2011<strong> Author </strong></div> 
    <div id="right_footer"> 
 
<!-- Please do not change or delete this link. Read the license! Thanks. :-) --> 
Design by <a href="http://www.realitysoftware.ca" title="Website Design">Reality Software</a> 
 
    </div> 
    </div> 
    <!-- end footer --> 
    </div>           
    <!-- end main --> 
     
</body> 
</html> 
 
<? 
exit;  
} 
 
if(empty($name) || empty($comment)) { ?>    
  <table width="400" border="0" align="center">    
  <tr><td align="center"><h3>Sorry, all fields are required!</h3></td></tr>      
  </table>    
<?      
} else {    
 
$sql="INSERT INTO $tbl_name (name, comment, datetime) VALUES ('$name', '$comment', '$datetime')";   
$result=mysql_query($sql);   
 
//check if query successful   
if($result) { ?>  
<table width="400" border="0" align="center">    
<tr><td align="center"><h3>Thank you for signing my guestbook!</h3></td></tr>      
</table>    
<?   
echo "<meta http-equiv='Refresh' content='1; URL=viewguestbook.php'>";  // link to view guestbook page   
} else {   
echo "ERROR";   
}   
 
mysql_close();  
}  
?> 
 
</div>  
 
     <!-- footer --> 
    <div id="footer"> 
    <div id="left_footer">© Copyright 2011<strong> Author </strong></div> 
    <div id="right_footer"> 
 
<!-- Please do not change or delete this link. Read the license! Thanks. :-) --> 
Design by <a href="http://www.realitysoftware.ca" title="Website Design">Reality 

Software</a> 
 
    </div> 
    </div> 
    <!-- end footer --> 
    </div>           
    <!-- end main --> 
 
</body> 
</html>


Guestbook shows "Error"

14 November 2011 - 06:07 PM

http://starr05.comul...m/guestbook.php <---My link


When I actually try to sign my guestbook, I get my error message and it won't let me sign it. Not sure what I did wrong.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
Author: Reality Software
Website: http://www.realitysoftware.ca
Note: This is a free template released under the Creative Commons Attribution 3.0 license, 
which means you can use it in any way you want provided you keep the link to the author intact.
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<link href="style.css" rel="stylesheet" type="text/css" /></head>
<body>


    <!-- header -->
    <div id="header">
        <div id="logo"><a href="index.html">Header</a></div>
        <div id="menu">
            <ul>
            <li><a href="index.html">Home</a></li>
            <li><a href="">Link 1</a></li>
            <li><a href="">Link 2</a></li>
            <li><a href="">Link 3</a></li>
            <li><a href="">Contact</a></li>
        <li><a href="guestbook.php">Guestbook</a></li>
                  </ul>
        </div>
<div id="icon"><a href="twitter.com/">
<img border="0" src="http://www.000webhost.com/forum/images/twitter.png" alt="twitter" width="58px;" height="53px;" />
</a></div>

   
  </div>
    <!--end header -->
    <!-- main -->
    <div id="main">
    <div id="content">  
 
 
 <div id="text">
                <h1><strong>Guestbook</strong></h1>
</div>

<?php  
$mysql_host = "localhost";
$mysql_database = "a7560006_guest";
$mysql_user = "a7560006_host";
$mysql_password = "mypassword";

// Connect to server and select database.
mysql_connect("$mysql_host", "$mysql_user", "$mysql_password") or die("cannot connect server");
mysql_select_db("$mysql_database") or die("cannot select DB");

$name = $_POST['name'];   
$comment = $_POST['comment'];   
$comment  = stripslashes($comment);   
$name = stripslashes($name);   
// neutralise tags for output; the values are still interpolated unescaped into SQL below
$comment = str_replace("<","&lt;",$comment);   
$name = str_replace("<","&lt;",$name);   

$datetime=date("M-d-Y h:i:s A"); //date time   
$verif_box = $_POST['verif_box'];  
  
if(md5($verif_box).'a4xn' != $_COOKIE['tntcon']){ ?> 
<table width="400" border="0" align="center">    
<tr><td align="center"><h4>You have not entered captcha or entered incorrect captcha!</h4></td></tr>      
</table>  
        
</div>  
     <!-- footer --> 
    <div id="footer"> 
    <div id="left_footer">© Copyright 2011<strong> Author </strong></div> 
    <div id="right_footer"> 

<!-- Please do not change or delete this link. Read the license! Thanks. :-) --> 
Design by <a href="http://www.realitysoftware.ca" title="Website Design">Reality Software</a> 

    </div> 
    </div> 
    <!-- end footer --> 
    </div>           
    <!-- end main --> 
     
</body> 
</html> 

<? 
exit;  
} 

if(empty($name) || empty($comment)) { ?>    
  <table width="400" border="0" align="center">    
  <tr><td align="center"><h3>Sorry, all fields are required!</h3></td></tr>      
  </table>    
<?      
} else {    

// $tbl_name is never assigned anywhere in this file, so it interpolates as an empty
// table name, mysql_query() fails and execution reaches the "ERROR" branch below
$sql="INSERT INTO $tbl_name (name, comment, datetime) VALUES ('$name', '$comment', '$datetime')";   
$result=mysql_query($sql);   

//check if query successful   
if($result) { ?>  
<table width="400" border="0" align="center">    
<tr><td align="center"><h3>Thank you for signing my guestbook!</h3></td></tr>      
</table>    
<?   
echo "<meta http-equiv='Refresh' content='1; URL=viewguestbook.php'>";  // link to view guestbook page   
} else {   
echo "ERROR";   
}   

mysql_close();  
}  
?> 

</div>  

     <!-- footer --> 
    <div id="footer"> 
    <div id="left_footer">© Copyright 2011<strong> Author </strong></div> 
    <div id="right_footer"> 

<!-- Please do not change or delete this link. Read the license! Thanks. :-) --> 
Design by <a href="http://www.realitysoftware.ca" title="Website Design">Reality Software</a> 

    </div> 
    </div> 
    <!-- end footer --> 
    </div>           
    <!-- end main --> 

</body> 
</html>

Alert Box problem

08 November 2011 - 08:10 PM

I have a working guestbook, but right now, say if you leave the captcha field empty, the alert box shows up correctly, but there is a horizontal grey area underneath the "Guestbook" header. I am trying to get rid of that and don't know how.

Here is my link.

http://starr05.comul...m/guestbook.php

Security of a guestbook

06 November 2011 - 08:02 PM

I've made a guestbook; right now it works fine, but the downside is that it can easily be hacked. How can I encode the special characters so that it doesn't get hacked?
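The three guestbook threads above (the injection-defence review, the insert that only prints "ERROR", and this question about encoding special characters) all come down to the same two separations: keep user text out of the SQL grammar with a prepared statement, and encode it for HTML only at the moment it is rendered. The block below is an added example, not the poster's code or anything from the template author; it assumes PHP with the PDO MySQL driver, a table named guestbook with the columns name, comment and datetime used in the posts, and it uses obviously labelled placeholders for the database credentials.

```php
<?php
// Added example (not the poster's code): a hardened guestbook insert.
// Assumptions: PDO with the MySQL driver, a table `guestbook` with the
// columns name, comment, datetime, and the placeholder credentials below.
declare(strict_types=1);

const DB_DSN  = 'mysql:host=localhost;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4';
const DB_USER = 'DB_USER_PLACEHOLDER';
const DB_PASS = 'DB_PASSWORD_PLACEHOLDER';

// Validation first: required fields and length limits, independent of the DB.
// Returns an error message, or null when the entry is acceptable.
function validateEntry(string $name, string $comment): ?string
{
    $name = trim($name);
    $comment = trim($comment);
    if ($name === '' || $comment === '') {
        return 'all fields are required';
    }
    if (mb_strlen($name) > 60 || mb_strlen($comment) > 2000) {
        return 'name or comment is too long';
    }
    return null;
}

// Storage: bound parameters are sent separately from the SQL text, so there
// is no mysql_real_escape_string()/stripslashes() juggling to get wrong.
function insertEntry(PDO $db, string $name, string $comment): bool
{
    $stmt = $db->prepare(
        'INSERT INTO guestbook (name, comment, datetime) VALUES (:name, :comment, :dt)'
    );
    return $stmt->execute([
        ':name'    => trim($name),
        ':comment' => trim($comment),
        ':dt'      => date('M-d-Y h:i:s A'),
    ]);
}

// Output: encode when rendering, not when storing. ENT_QUOTES also encodes
// the single quote, which htmlspecialchars() leaves alone by default.
function escapeHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Renders one stored row (as fetched with PDO::FETCH_ASSOC) as safe HTML.
function renderEntry(array $row): string
{
    return '<p><strong>' . escapeHtml($row['name']) . '</strong> ('
        . escapeHtml($row['datetime']) . '): '
        . nl2br(escapeHtml($row['comment'])) . '</p>';
}

// --- request handling ---
$name    = (string)($_POST['name'] ?? '');
$comment = (string)($_POST['comment'] ?? '');

if (($err = validateEntry($name, $comment)) !== null) {
    echo '<h3>Sorry, ' . escapeHtml($err) . '!</h3>';
    exit;
}

try {
    $db = new PDO(DB_DSN, DB_USER, DB_PASS, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
    ]);
    insertEntry($db, $name, $comment);
    echo '<h3>Thank you for signing my guestbook!</h3>';
} catch (PDOException $e) {
    // Log the real cause (for instance an unknown or empty table name)
    // server-side; show the visitor only a generic message.
    error_log('guestbook insert failed: ' . $e->getMessage());
    echo '<h3>Sorry, your entry could not be saved.</h3>';
}
```

Two design points worth noting. The stored text is the raw, trimmed input; escapeHtml() runs in renderEntry() so the same row can later be emitted into HTML, JSON or an e-mail with the encoding that medium needs. And a failing query throws instead of returning false, so the server log records the actual MySQL error (which is how a mistyped or unset table name is found) while the visitor still sees only a generic message.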

How to display contents in a div side by side instead of on top of each other?

27 October 2011 - 06:58 PM

I was cleaning up my code a bit and decided to put my two paragraphs into two columns and float them to the left of my image. In cleaning up my code and trying to put my paragraphs into one div, my paragraphs ended up being underneath my image instead of to the right. Not sure if I did something wrong in my css.


/* body */
body {
 margin:114px 0 0 0; 
line-height:15px; 
font-family: Tahoma, Arial; 
background: url(images/body_top_bckg.jpg) no-repeat center top #171c20; 
color:#bed7e6; 
font-size:11px;
}

a { 
color:#018BC1;
}
a:hover { 
text-decoration:none;
}
#header {}
#logo { 
padding:30px 0 120px 0;
color:#fff; 
text-align:center;
}


/* logo */
#logo a{ 
color:#fff; 
text-decoration:none; 
font-weight:bold; 
font-size:24px; 
text-transform:uppercase; 
}

/* Menu */
#menu {
color:#fff; 
text-align:center; 

}
#menu ul {
text-align:center;
list-style:none; 
padding:0;
}
#menu ul li {
display:inline
}
#menu ul a { 
font-weight:bold; 
font-size:14px; 
text-decoration:none; 
color:#fff; 
background-color:#445d6c; 
padding:0 10px 2px 10px;
}
#menu ul a:hover 
{ 
background-color:#f26513;
}

/* Main */
#main {
background: url(images/body_all_bckg.jpg) repeat-y top center;

}
#content {
width: 780px; 
margin:0 auto;
overflow:hidden;
margin-bottom:3cm;
}

/* Text */
#text {
    float: right;
    width: 760px;
    margin-top:1cm;
}
#text p {
 margin:7px 0 7px 0;
}

#text li {
background:url(images/li.gif) no-repeat 0px 7px;
}

h1 {
margin:30px 0 0 0; 
padding:5px 0 7px 45px; 
text-transform:uppercase; 
font-size:25px; color:#fff; 
background:url(images/h1_bckg.jpg) no-repeat;
float:left;
}

/* Footer */

#footer {
background:url(images/footer_bckg.jpg) no-repeat top center; 
height:102px; clear:both; 
width:780px; 
margin:0 auto; 
}
#left_footer {
 float:left;
 padding:60px 0 0 30px; 
color:#fff; font-size:12px;
}
#left_footer a { 
color:#fff;
}
#left_footer a:hover { 
text-decoration:none;
}
#right_footer { 
float:right;  
padding:60px 30px 0 0; 
color:#fff;  
font-size:12px; text-align:right;
}
#right_footer a { 
color:#fff;
}
#right_footer a:hover { 
text-decoration:none;
}

#content .inner_copy {
border:0;color:#f00;
float:left;
width:50%!important;
margin:-202px 0 0 0;
overflow:hidden;
line-height:0;
padding:0;
font-size:12px

}

/* gallery */
    .row img {
        margin: 2px;
        border: 1px solid #0000ff;
        clear: both;
        width: 100px;
        height: 90px;
        margin-left:3px;
    }
     
    .first
    {
        float: right;
        text-align: center;
    } 
         
    .last {
        border: 1px solid #ffffff;
        float: right;
    }
     
    .desc
    {
        text-align: center;
        font-weight: normal;
        width: 120px;
        margin: 10px;
    }


/* image */
#image {
width: 400px;
}
img.floatLeft { 
    float: left; 
    margin: 4px;
}

/* paragraphs */
#p {
    float: left;  
    margin-right: 4px;
    padding-left: 20px;
    font-size:12pt;
}

/* Divider */
#div {
float: right; 
width: 20px; 
margin-right: 1px;
height: 200px;
}

/* Icon */
#icon {
text-align:center;
}
#container {
margin: 20px auto 900px auto;
width: 1000px;
}
aside {
width: 400px;
float: left;
}
section {
margin: 0;
padding: 0 0 20px 0;
overflow: auto;
text-align: left;
}
p {
margin: 0 50px 10px;
text-indent: 20px;
}





<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
Author: Reality Software
Website: http://www.realitysoftware.ca
Note: This is a free template released under the Creative Commons Attribution 3.0 license, 
which means you can use it in any way you want provided you keep the link to the author intact.
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<link href="style.css" rel="stylesheet" type="text/css" /></head>
<body>


    <!-- header -->
    <div id="header">
        <div id="logo"><a href="#">Header</a></div>
        <div id="menu">
            <ul>
            <li><a href="#">Home</a></li>
            <li><a href="#">Link 1</a></li>
            <li><a href="#">Link 2</a></li>
            <li><a href="#">Link 3</a></li>
            <li><a href="#">contact</a></li>
        <li><a href="#">Guestbook</a></li>
            
                  </ul>
<img src="images/twitter.png" height="49px;"/>

   
      </div>
  </div>
    <!--end header -->
    <!-- main -->
    <div id="main">
    <div id="content">

   
 <div id="text">
                <h1><strong>Blank</strong></h1>
</div>

<img src="images/test.jpg" class="floatLeft" width="360px;" height="332px;"/>

<div id="container">
<aside>
<h2>Header for paragraph 1</h2>
  <p>Test
     </p>
</aside>
<section>
<h2>Header for paragraph 2</h2>
<p>Test</p>
</section>

</div>
</div>


           
     <!-- footer -->
    <div id="footer">
    <div id="left_footer">© Copyright 2011<strong> Author </strong></div>
    <div id="right_footer">

<!-- Please do not change or delete this link. Read the license! Thanks. :-) -->
Design by <a href="http://www.realitysoftware.ca" title="Website Design">Reality Software</a>

    </div>
    </div>
    <!-- end footer -->
</div>
    <!-- end main -->



</body>
</html>


