Basic Protection from SQL Injection
#1
SQL injection is injecting SQL through a GET or POST parameter of a script into the SQL query. For example:

member.php?id=6

The SQL code may be
Code:
$id = $_GET['id'];
$row = mysql_query("select * from `members` where id=$id");

This would allow the attacker to execute a UNION SELECT statement. This would look like

member.php?id=' UNION SELECT concat(username,char(58),password) FROM members

A possible output would be

Affix:d8b9bb5e644429268d274cf03c6d6e06

All you would need to do is crack the hash.

So how exactly do you stop this attack?

It's simple. There are many methods of protecting against SQL injection. I use two. These are the ones I'm going to teach you.

If it's a simple numerical ID, such as the example above, just add a value check. In the above code it would look like below.
Code:
$id = $_GET['id'];
if (!is_numeric($id)) { die("Good Try :)"); }
$row = mysql_query("select * from `members` where id=$id");

Now if I tried to execute my UNION statement I would get an error:

Good Try :)

Now what if you are using a string, such as a search? A UNION would be used the same way.

In this case I would use 'mysql_real_escape_string'.

This would look like
Code:
$id = mysql_real_escape_string($_GET['id']);

This string is now properly escaped and will not allow successful execution of SQL injection.

-------------

Thanks,
Derpec
Reply
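The value check and the query from the post above, worked through as an added example that is not from the thread or its author. It uses Python with an in-memory SQLite database instead of PHP and MySQL so it runs stand-alone: the `members` table, its rows and the function names are constructed, and the thread's UNION payload is adapted to SQLite syntax (`||` for concat(), no leading quote, since the id is numeric). The last function shows the parameterized query that the PDO reply further down refers to, which also covers the string case without an escaping call:

```python
import sqlite3

# Constructed sample data standing in for the thread's `members` table.
# The "Affix" row reuses the hash shown in the thread; the second row is invented.
SAMPLE_MEMBERS = [
    (6, "Affix", "d8b9bb5e644429268d274cf03c6d6e06"),
    (7, "Derpec", "0123456789abcdef0123456789abcdef"),
]

# The thread's UNION payload, rewritten for a numeric id and for SQLite.
UNION_PAYLOAD = "0 UNION SELECT username || ':' || password FROM members"


def make_db():
    """Create an in-memory SQLite database holding the constructed members table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO members VALUES (?, ?, ?)", SAMPLE_MEMBERS)
    conn.commit()
    return conn


def vulnerable_lookup(conn, raw_id):
    """The thread's first snippet: the request value is pasted into the SQL text,
    so a UNION in the value becomes part of the statement."""
    sql = f"SELECT username FROM members WHERE id={raw_id}"
    return [row[0] for row in conn.execute(sql)]


def is_numeric_id(raw_id):
    """The thread's value check. str.isdigit() is stricter than PHP's is_numeric():
    it rejects signs, decimals and exponents, none of which a member id needs."""
    return isinstance(raw_id, str) and raw_id.isdigit()


def checked_lookup(conn, raw_id):
    """Reject anything non-numeric before the query, like the thread's die()."""
    if not is_numeric_id(raw_id):
        raise ValueError("Good Try :)")
    return vulnerable_lookup(conn, raw_id)


def parameterized_lookup(conn, raw_id):
    """Bind the value as data: the SQL text never changes whatever the input holds.
    This is what PDO prepared statements do in PHP, and it works for strings
    (the search case) as well as numbers, so no escaping function is needed."""
    rows = conn.execute("SELECT username FROM members WHERE id=?", (raw_id,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    print("normal request:", vulnerable_lookup(db, "6"))
    print("injected request:", vulnerable_lookup(db, UNION_PAYLOAD))
    try:
        checked_lookup(db, UNION_PAYLOAD)
    except ValueError as err:
        print("value check:", err)
    print("parameterized:", parameterized_lookup(db, UNION_PAYLOAD))
```

Running it shows the vulnerable query returning `username:hash` pairs for every member, the value check stopping the same request with the thread's message, and the parameterized query returning nothing because the payload is compared against `id` as a plain value rather than executed.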
#2
Thanks for sharing this. I know there's a flaw in a few MyBB plugins that allows SQL injection.
Reply
#3
(03-05-2013, 12:52 AM)Ominous Wrote: Thanks for sharing this. I know there's a flaw in a few MyBB plugins that allows SQL injection.

There's actually quite a bit of SQL injection inside of MyBB plugins; that's why you need to check them first, before downloading any of them.
Reply
#4
I'm always using PDO, good security.
Reply
#5
Yeah, this is just a basic of security, nothing too fancy about it.
Reply
#6
Yeah, ok. But there are a lot of ways to get around this and a lot of other "protection". I can think of several just off the top of my head.
Reply