Need help with PHP / MySQL


NegativeAttitude


Hi, I'm new on this forum.

I have some kind of school project and I need to fix the security issues in 5 PHP scripts. It includes SQL injection/Path Traversal/XSS. I have already filtered most of the "faults"; the problem is that I can't find the right solutions (mysql_escape_string etc.).

Can somebody have a look and maybe help me?

These are the 5 scripts:

 

Index.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1"/>
<link rel="stylesheet" type="text/css" href="contents.php?file=style.css" media="screen"/>
<title>What's up</title>
</head>
<body>
<div class="top">
<div class="header">
    <div class="left"></div>
    <div class="right">
        <h2>What's up</h2>
        <p>Deze website maakt onderdeel uit van een Certified Secure challenge en wordt beveiligd door de beste specialisten.</p>
    </div>
</div>
</div>
<div class="container">
<div class="main">
    <div class="content">
        <h1>This is up</h1>
<?
mysql_connect("localhost", "whatsupXPs1Zo", "Q0Z078mhfEw5Msvh");
mysql_select_db("whatsupVvHbE9");

$result = mysql_query("SELECT name, site, message, `when` FROM messages");

while($res = mysql_fetch_assoc($result)) {
    // stored values below are echoed without HTML escaping (XSS); href is unquoted
?>
        <div class="descr"><?=$res['when']?> door <a href=<?=$res['site']?>><?=$res['name']?></a></div>
        <blockquote>
        <p><?=$res['message']?></p>
        </blockquote>
<?
}
?>
        <h1>Vertel zelf</h1>
        <form method="POST" action="add.php">
        <label for="name">Naam</label><input type="text" name="name" id="name"/>
        <div class="clearer"></div>
        <label for="website">Website</label><input type="text" name="website" id="website"/>
        <div class="clearer"></div>
        <label for="message">What's up</label><textarea name="message" id="message"></textarea>
        <div class="clearer"></div>
        <label for="submit"></label><input type="submit" id="submit"/>
        </form>
    </div>
    <div class="sidenav">
        <h2>Zoek</h2>
        <form method="GET" action="search.php">
        <input type="text" name="search" size="16"/><input type="submit" value="zoek"/>
        </form>
        <h2>Over</h2>
        <p>Op deze website mag iedereen vertellen hoe het met hem of haar gaat. Slechte dag gehad omdat je site is gekraakt? Ontslagen? Of juist een nieuwe baan als Security Officer? Laat het weten!</p>
    </div>
    <div class="clearer"><span></span></div>
</div>
<div class="footer">©2013 What's up. Template design door<a href="http://arcsin.se">Arcsin</a></div>
</div>
</body>
</html>

----------------------------------------------------------------------------------------------------------------------------------

add.php

<?
mysql_connect("localhost", "whatsupXPs1Zo", "Q0Z078mhfEw5Msvh");
mysql_select_db("whatsupVvHbE9");

if (!isset($_POST['name']) ||
    !isset($_POST['website']) ||
    !isset($_POST['message'])) {
    print 'Niet alle velden zijn ingevuld';
    exit;
}

// POST values are concatenated straight into the SQL string (SQL injection)
$result = mysql_query("INSERT INTO messages (name, site, message) VALUES ('" .
    $_POST['name'] . "','" . $_POST['website'] . "','" .
    $_POST['message'] . "')");

if (!$result) {
    print 'Fout_IN_SQL';
    exit;
}

$id = mysql_insert_id();

header("Location: view.php?id=" . intval($id));
?>

-----------------------------------------------------------------------------------------------------------------------------

View.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1"/>
<link rel="stylesheet" type="text/css" href="contents.php?file=style.css" media="screen"/>
<title>What's up</title>
</head>
<body>
<div class="top">
<div class="header">
    <div class="left"></div>
    <div class="right">
        <h2>What's up</h2>
        <p>Deze website maakt onderdeel uit van een Certified Secure challenge en wordt beveiligd door de beste specialisten.</p>
    </div>
</div>
</div>
<div class="container">
<div class="main">
    <div class="content">
        <h1>Bekijken_MESSAGE</h1>
<?
mysql_connect("localhost", "whatsupXPs1Zo", "Q0Z078mhfEw5Msvh");
mysql_select_db("whatsupVvHbE9");

if (isset($_GET['id'])) {
    // $_GET['id'] is concatenated unquoted into the query (SQL injection)
    $result = mysql_query("SELECT name, site, message, `when` FROM messages WHERE id = " . $_GET['id']);
    $res = mysql_fetch_assoc($result);
    // stored values below are echoed without HTML escaping (XSS); href is unquoted
?>
        <div class="descr"><?=$res['when']?> by <a href=<?=$res['site']?>><?=$res['name']?></a></div>
        <blockquote>
        <p><?=$res['message']?></p>
        </blockquote>
<?
}
?>
        <h1>Vertel zelf</h1>
        <form method="POST" action="add.php">
        <label for="name">Naam</label><input type="text" name="name" id="name"/>
        <div class="clearer"></div>
        <label for="website">Website</label><input type="text" name="website" id="website"/>
        <div class="clearer"></div>
        <label for="message">What's up</label><textarea name="message" id="message"></textarea>
        <div class="clearer"></div>
        <label for="submit"></label><input type="submit" id="submit"/>
        </form>
    </div>
    <div class="sidenav">
        <h2>Zoek</h2>
        <form method="GET" action="search.php">
        <input type="text" name="search" size="16"/><input type="submit" value="zoek"/>
        </form>
        <h2>Over</h2>
        <p>Op deze website mag iedereen vertellen hoe het met hem of haar gaat. Slechte dag gehad omdat je site is gekraakt? Ontslagen? Of juist een nieuwe baan als Security Officer? Laat het weten!</p>
    </div>
    <div class="clearer"><span></span></div>
</div>
<div class="footer">©2013 What's up. Template design door<a href="http://arcsin.se">Arcsin</a></div>
</div>
</body>
</html>

-----------------------------------------------------------------------------------------------------------------------------

Contents.php

<?
if (!isset($_GET['file'])) {
    exit;
}

// only the Content-type depends on the extension; the file is served regardless
if (substr($_GET['file'], -4, 4) == '.css') {
    header('Content-type: text/css');
}

if (substr($_GET['file'], -4, 4) == '.png') {
    header('Content-type: image/png');
}

if (substr($_GET['file'], -4, 4) == '.gif') {
    header('Content-type: image/gif');
}

if (substr($_GET['file'], -4, 4) == '.jpg') {
    header('Content-type: image/jpeg');
}

// the request parameter is joined to the directory without any containment check (path traversal)
if (file_exists("/var/www/contents/" . $_GET['file'])) {
    print file_get_contents("/var/www/contents/" . $_GET['file']);
}

----------------------------------------------------------------------------------------------------------------------------

 

Search.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1"/>
<link rel="stylesheet" type="text/css" href="contents.php?file=style.css" media="screen"/>
<title>What's up</title>
</head>
<body>
<div class="top">
<div class="header">
    <div class="left"></div>
    <div class="right">
        <h2>What's up</h2>
        <p>Deze website maakt onderdeel uit van een Certified Secure challenge en wordt beveiligd door de beste specialisten.</p>
    </div>
</div>
</div>
<div class="container">
<div class="main">
    <div class="content">
        <h1>ResultaatS_SEARCH</h1>
<?
mysql_connect("localhost", "whatsupXPs1Zo", "Q0Z078mhfEw5Msvh");
mysql_select_db("whatsupVvHbE9");

if (isset($_GET['search'])) {
    // the search term is concatenated into the LIKE pattern (SQL injection)
    $result = mysql_query("SELECT name, site, message, `when` FROM messages WHERE message LIKE '%" . $_GET['search'] . "%'");

    while($res = mysql_fetch_assoc($result)) {
        // stored values below are echoed without HTML escaping (XSS); href is unquoted
?>
        <div class="descr"><?=$res['when']?> door <a href=<?=$res['site']?>><?=$res['name']?></a></div>
        <blockquote>
        <p><?=$res['message']?></p>
        </blockquote>
<?
    }
}
?>
        <h1>Vertel zelf</h1>
        <form method="POST" action="add.php">
        <label for="name">Naam</label><input type="text" name="name" id="name"/>
        <div class="clearer"></div>
        <label for="website">Website</label><input type="text" name="website" id="website"/>
        <div class="clearer"></div>
        <label for="message">What's up</label><textarea name="message" id="message"></textarea>
        <div class="clearer"></div>
        <label for="submit"></label><input type="submit" id="submit"/>
        </form>
    </div>
    <div class="sidenav">
        <h2>Zoek</h2>
        <form method="GET" action="search.php">
        <input type="text" name="search" size="16"/><input type="submit" value="zoek"/>
        </form>
        <h2>Over</h2>
        <p>Op deze website mag iedereen vertellen hoe het met hem of haar gaat. Slechte dag gehad omdat je site is gekraakt? Ontslagen? Of juist een nieuwe baan als Security Officer? Laat het weten!</p>
    </div>
    <div class="clearer"><span></span></div>
</div>
<div class="footer">©2013 What's up. Template design door<a href="http://arcsin.se">Arcsin</a></div>
</div>
</body>
</html>

Thanks in advance!

 

NA

 

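The three classes of problem the post names each map to one concrete fix: user data that ends up in SQL goes in as a bound parameter rather than into the query string (mysql_escape_string, mentioned above, is not charset-aware and the whole mysql_* extension is gone since PHP 7, so PDO prepared statements are the usual replacement); anything echoed into the page goes through htmlspecialchars(); and contents.php must accept a bare file name from a fixed allow-list and verify the resolved path is still inside /var/www/contents. The block below is an added example, not code from the posted scripts or from the challenge, showing hardened versions of the data paths in add.php, view.php, search.php and contents.php. It assumes PDO with the pdo_mysql driver; the DSN and credentials are placeholders, and the helper names (db, e, safe_url, render_message, add_message, get_message, search_messages, resolve_content) are mine.

```php
<?php
// Added example, not the challenge's own code: hardened versions of the data
// paths in add.php, view.php, search.php and contents.php. Assumes PDO with
// pdo_mysql; DSN and credentials are placeholders; helper names are mine.

function db(): PDO {
    $pdo = new PDO('mysql:host=localhost;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4',
                   'DB_USER_PLACEHOLDER', 'DB_PASS_PLACEHOLDER');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // real server-side prepares
    return $pdo;
}

// Output encoding for text inside an HTML element or a quoted attribute.
function e(?string $s): string {
    return htmlspecialchars((string)$s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// "site" ends up in href=; allow only http(s) URLs so no other scheme becomes a link.
function safe_url(?string $url): string {
    $url = trim((string)$url);
    $ok = preg_match('~^https?://~i', $url) && filter_var($url, FILTER_VALIDATE_URL) !== false;
    return $ok ? $url : '#';
}

// The message block index/view/search all render, escaped and with href quoted.
function render_message(array $row): string {
    return '<div class="descr">' . e($row['when']) . ' door <a href="' . e(safe_url($row['site']))
        . '">' . e($row['name']) . "</a></div>\n<blockquote><p>" . e($row['message']) . '</p></blockquote>';
}

// add.php: INSERT with bound parameters instead of string concatenation.
function add_message(PDO $pdo, array $post): int {
    foreach (['name', 'website', 'message'] as $f) {
        if (!isset($post[$f]) || !is_string($post[$f])) {
            throw new InvalidArgumentException('Niet alle velden zijn ingevuld');
        }
    }
    $stmt = $pdo->prepare('INSERT INTO messages (name, site, message) VALUES (:name, :site, :message)');
    $stmt->execute([':name' => $post['name'], ':site' => $post['website'], ':message' => $post['message']]);
    return (int)$pdo->lastInsertId();
}

// view.php: validate id as a positive integer and bind it as one.
function get_message(PDO $pdo, $id): ?array {
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT name, site, message, `when` FROM messages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// search.php: the whole LIKE pattern is a bound value; %, _ and \ in the term are
// escaped so they match literally (MySQL's default LIKE escape character is the backslash).
function search_messages(PDO $pdo, string $term): array {
    $pattern = '%' . addcslashes($term, '%_\\') . '%';
    $stmt = $pdo->prepare('SELECT name, site, message, `when` FROM messages WHERE message LIKE :pat');
    $stmt->execute([':pat' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// contents.php: accept a bare file name with an allow-listed extension only,
// and serve it only if it resolves to a regular file inside CONTENT_DIR.
const CONTENT_DIR   = '/var/www/contents';
const CONTENT_TYPES = ['css' => 'text/css', 'png' => 'image/png', 'gif' => 'image/gif', 'jpg' => 'image/jpeg'];

function resolve_content(string $name): ?array {
    if ($name === '' || $name !== basename($name) || !preg_match('/^[A-Za-z0-9_.-]+$/', $name)) {
        return null;
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, CONTENT_TYPES)) {
        return null;
    }
    $base = realpath(CONTENT_DIR);
    $path = realpath(CONTENT_DIR . '/' . $name);
    // realpath() follows symlinks, so confirm the final location is still under $base.
    if ($base === false || $path === false || !is_file($path)
        || strncmp($path, $base . '/', strlen($base) + 1) !== 0) {
        return null;
    }
    return [CONTENT_TYPES[$ext], $path];
}

// Request handling for contents.php; the other scripts call the functions above.
if (PHP_SAPI !== 'cli' && isset($_GET['file'])) {
    $hit = resolve_content((string)$_GET['file']);
    if ($hit === null) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: ' . $hit[0]);
    readfile($hit[1]);
}
```

In the page scripts, each `<?=$res[...]?>` becomes a call to e() (or the whole block becomes render_message($res)), and the three mysql_query() calls become add_message(), get_message() and search_messages() on the PDO handle from db(). The one place where intval() alone would already do is view.php, because id is numeric; binding it with PDO::PARAM_INT keeps every query on the same pattern. In resolve_content() the extension allow-list decides both whether a file is served and which Content-Type it gets, which removes the gap in the original where the header checks and the file read were independent.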

We can only help you with specific questions and the specific code concerning each specific question.

By just dumping multiple files and hundreds of lines of code on a forum, not posted using the forum's bbcode tags, no one is going to help you for free.

You need to pick one problem at a time and troubleshoot what's happening to narrow down and just post the code that's relevant to that problem.

Randomly trying a bunch of different things, without a targeted purpose and goal for each of the things you try, generally doesn't produce any results. If you have a problem with SQL injection, you need to do things that are relevant to the portion of your code where the SQL query is being built and executed.
