tronicsmasta Posted May 17, 2008 Share Posted May 17, 2008 Hey guys, a friend of mine and I are trying to figure out a way we could insert false data or data manipulation through the following code. We did notice that we cannot use multiple queries such as page.php?name=World'); TRUNCATE table; INSERT INTO table (col1, col2) VALUES ('Goodbye', 'World page.php <?php $con = mysql_connect("localhost","peter","abc123"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("my_db", $con); function query($query) { mysql_query($query); } query("INSERT INTO table (col1, col2) VALUES ('Hello', '".$_GET['name']."')"); mysql_close($con); ?> thank you! Quinton Link to comment https://forums.phpfreaks.com/topic/106110-solved-exploit-me/ Share on other sites More sharing options...
Cory94bailly Posted May 18, 2008 Share Posted May 18, 2008 Ok.... What's your question? Link to comment https://forums.phpfreaks.com/topic/106110-solved-exploit-me/#findComment-543871 Share on other sites More sharing options...
947740 Posted May 18, 2008 Share Posted May 18, 2008 If I am understanding you, wou would have to start a new query. Your ) after World closes the query, so no more queries would be able to be processed, in fact, they would not be queries at all. You would have to use query() again for all of your queries. Link to comment https://forums.phpfreaks.com/topic/106110-solved-exploit-me/#findComment-543899 Share on other sites More sharing options...
tronicsmasta Posted May 18, 2008 Author Share Posted May 18, 2008 the code works. we are simply trying to find out if its insecure... or if anyone would be able to manipulate data through the $_GET portion of the code thank you! Link to comment https://forums.phpfreaks.com/topic/106110-solved-exploit-me/#findComment-544117 Share on other sites More sharing options...
phorman Posted May 18, 2008 Share Posted May 18, 2008 The code is very insecure.. You must pass any $_REQUEST, $_POST, $_GET variables through mysql_escape_string() function. Are you looking for a way someone could circumvent your current security? google SQL Injection Link to comment https://forums.phpfreaks.com/topic/106110-solved-exploit-me/#findComment-544123 Share on other sites More sharing options...
MadTechie Posted May 18, 2008 Share Posted May 18, 2008 cont. from phorman post the fix <?php $con = mysql_connect("localhost","peter","abc123"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("my_db", $con); function query($query) { mysql_query($query); } $name = mysql_real_escape_string($_GET['name']); //Fix query("INSERT INTO table (col1, col2) VALUES ('Hello', '$name')"); mysql_close($con); ?> Link to comment https://forums.phpfreaks.com/topic/106110-solved-exploit-me/#findComment-544146 Share on other sites More sharing options...
tronicsmasta Posted May 19, 2008 Author Share Posted May 19, 2008 awesome! thanks! Quinton Link to comment https://forums.phpfreaks.com/topic/106110-solved-exploit-me/#findComment-544556 Share on other sites More sharing options...
947740 Posted May 19, 2008 Share Posted May 19, 2008 I thought you were trying to hack someone elses code. My bad. Link to comment https://forums.phpfreaks.com/topic/106110-solved-exploit-me/#findComment-544789 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.