ricmetal Posted November 27, 2008 Share Posted November 27, 2008 hi ive finaly 'finished' my db powered site ive been messing around with trying to hack it but id like someone else to try to mess with it please www.dealsadmin.co.cc thanks! Link to comment Share on other sites More sharing options...
Mchl Posted November 27, 2008 Share Posted November 27, 2008 On 'forgot password' page there is no message whether the password was sent to email provided, or email is invalid. Link to comment Share on other sites More sharing options...
Mchl Posted November 27, 2008 Share Posted November 27, 2008 You fail http://www.dealsadmin.co.cc/index.php?msg=%3Ciframe%20src=%22http://www.google.com%22%3E Although It's not really serious Link to comment Share on other sites More sharing options...
ricmetal Posted November 27, 2008 Author Share Posted November 27, 2008 You fail http://www.dealsadmin.co.cc/index.php?msg=%3Ciframe%20src=%22http://www.google.com%22%3E Although It's not really serious wth? lol good one, good one Link to comment Share on other sites More sharing options...
ricmetal Posted November 27, 2008 Author Share Posted November 27, 2008 ill gotta see what i can do with that! Link to comment Share on other sites More sharing options...
Mchl Posted November 27, 2008 Share Posted November 27, 2008 strip_tags or even better, avoid $_GET whenever possible Link to comment Share on other sites More sharing options...
Mchl Posted November 27, 2008 Share Posted November 27, 2008 The deal information is not escaped properly Input 'O'Reilly' into any field, and it will be displayed as 'O\'Reilly' Link to comment Share on other sites More sharing options...
darkfreaks Posted November 27, 2008 Share Posted November 27, 2008 SQL Injection Unsafe Variables: Email,Pwd Solution: strip_tags(),htmlspecialchars(),mysql_real_escape_string() Link to comment Share on other sites More sharing options...
ricmetal Posted November 27, 2008 Author Share Posted November 27, 2008 clearing out all these errors! thanks! Link to comment Share on other sites More sharing options...
darkfreaks Posted November 28, 2008 Share Posted November 28, 2008 let me know when ur done ill go recheck Link to comment Share on other sites More sharing options...
Coreye Posted November 28, 2008 Share Posted November 28, 2008 Includes Directory: http://www.dealsadmin.co.cc/includes/ I registered but received no activation email. Link to comment Share on other sites More sharing options...
ricmetal Posted November 28, 2008 Author Share Posted November 28, 2008 Includes Directory: http://www.dealsadmin.co.cc/includes/ I registered but received no activation email. activated. Link to comment Share on other sites More sharing options...
darkfreaks Posted November 28, 2008 Share Posted November 28, 2008 none of your SQL injection has been fixed ??? Link to comment Share on other sites More sharing options...
ricmetal Posted November 28, 2008 Author Share Posted November 28, 2008 really? i thought id made a dent somewhere... what are u doing to make the injection? Link to comment Share on other sites More sharing options...
darkfreaks Posted November 28, 2008 Share Posted November 28, 2008 are you using something like <?php // if this is the password field change this to md5($_POST['pwd']); $pwd= htmlspecialchars(mysql_real_escape_string(trim(strip_tags($_POST['pwd']))); if (eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $_POST['email'])) { echo 'valid';}else{ echo 'invalid';} ?> Link to comment Share on other sites More sharing options...
ricmetal Posted November 28, 2008 Author Share Posted November 28, 2008 nop just the real_escape edit and just using it on the username i thought the password would get md5'ed Link to comment Share on other sites More sharing options...
darkfreaks Posted November 28, 2008 Share Posted November 28, 2008 change it to that then with the email validation and md5 the password so its <?php $pwd= md5($_POST['pwd']);?> this will encrypt the password in the database for security reasons instead of a plain text password note- its bot a bad idea to use all those to strip out injection attacks before its MD5'd Link to comment Share on other sites More sharing options...
Mchl Posted November 28, 2008 Share Posted November 28, 2008 $pwd= htmlspecialchars(mysql_real_escape_string(trim(strip_tags($_POST['pwd']))); Why strip_tags and htmlspecialchars here? Link to comment Share on other sites More sharing options...
darkfreaks Posted November 28, 2008 Share Posted November 28, 2008 just extra precautions Link to comment Share on other sites More sharing options...
Hinty Posted November 28, 2008 Share Posted November 28, 2008 Unless hes fixed the SQL injection problem i dnt think its injectable Link to comment Share on other sites More sharing options...
darkfreaks Posted November 28, 2008 Share Posted November 28, 2008 he hasn't that's the problem Link to comment Share on other sites More sharing options...
Hinty Posted November 28, 2008 Share Posted November 28, 2008 I cant find a problem with it :S Link to comment Share on other sites More sharing options...
darkfreaks Posted November 28, 2008 Share Posted November 28, 2008 according to SQL inject me those variables are not safe see for yourself its a firefox addon Link to comment Share on other sites More sharing options...
Hinty Posted November 28, 2008 Share Posted November 28, 2008 Used to use SQl inject me but not a fan of it. Can you past the failed input pls? Link to comment Share on other sites More sharing options...
darkfreaks Posted November 28, 2008 Share Posted November 28, 2008 Failed Input: Server Status Code: 302 Moved Temporarily Tested value: 1' OR '1'='1 Server Status Code: 302 Moved Temporarily Tested value: 1' OR '1'='1 Server Status Code: 302 Moved Temporarily Tested value: %31%27%20%4F%52%20%27%31%27%3D%27%31 Server Status Code: 302 Moved Temporarily Tested value: 1 UNI/**/ON SELECT ALL FROM WHERE Server Status Code: 302 Moved Temporarily Tested value: 1 UNION ALL SELECT 1,2,3,4,5,6,name FROM sysObjects WHERE xtype = 'U' -- Server Status Code: 302 Moved Temporarily Tested value: 1 AND ASCII(LOWER(SUBSTRING((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'), 1, 1))) > 116 Server Status Code: 302 Moved Temporarily Tested value: ' OR username IS NOT NULL OR username = ' Server Status Code: 302 Moved Temporarily Tested value: 1' AND non_existant_table = '1 Server Status Code: 302 Moved Temporarily Tested value: 1'1 Server Status Code: 302 Moved Temporarily Tested value: '; DESC users; -- Server Status Code: 302 Moved Temporarily Tested value: 1 AND USER_NAME() = 'dbo' Server Status Code: 302 Moved Temporarily Tested value: 1' AND 1=(SELECT COUNT(*) FROM tablenames); -- Server Status Code: 302 Moved Temporarily Tested value: 1 AND 1=1 Server Status Code: 302 Moved Temporarily Tested value: 1 EXEC XP_ Server Status Code: 302 Moved Temporarily Tested value: 1'1 Server Status Code: 302 Moved Temporarily Tested value: 1' OR '1'='1 Server Status Code: 302 Moved Temporarily Tested value: 1 OR 1=1 Link to comment Share on other sites More sharing options...
Recommended Posts