Hey,

Can some nice people test my site for SQL injection please?

I say nice people as I don't want my database to be gone when I get back from work lol.

I would just like to know what threats there are and what page(s) they are on.

Here is the link http://www.futurehost.org/index.php

I have added a link back to my PHP Freaks profile (I think I saw something saying there needed to be a link back to your profile to prove you own the site?).

Thanks

Rich

https://forums.phpfreaks.com/topic/143946-sql-injection-test-please/

There,

It's in the welcome message bit:

 

Welcome to Nosepad, the future of social networking! Sign up today and start making friends!

 

It's fast, easy and free! Sign up and get connected with all your friends! The best way to keep in touch, share photos, create groups and events!

PHP FREAKS PROFILE

Site Statistics

People Online:

Guests Online: 0

Members Online: 0

Can't miss it.

Thanks

Rich

 

Cross Site Scripting (XSS):

The 'Name' field is vulnerable to XSS attacks when editing a user's profile.

 

Cross Site Scripting (XSS):

The 'Website' field is vulnerable to XSS attacks when editing a user's profile.

 

Cross Site Scripting (XSS):

http://www.futurehost.org/search.php?q="><marquee><h1>test

 

Cross Site Scripting (XSS):

http://www.futurehost.org/index.php?note="><marquee><h1>test

 

Cross Site Scripting (XSS):

http://www.futurehost.org/mcenter.php?action=compose&name="><marquee><h1>test

 

Cross Site Scripting (XSS):

http://www.futurehost.org/mcenter.php?action=compose&subject="><marquee><h1>test

 

Cross Site Scripting (XSS):

http://www.futurehost.org/mcenter.php?note="><marquee><h1>test

 

Cross Site Scripting (XSS):

http://www.futurehost.org/editprofile.php?note="><marquee><h1>test

 

Cross Site Scripting (XSS):

http://www.futurehost.org/main.php?note="><marquee><h1>test

 

Full Path Disclosure:

http://www.futurehost.org/profile.php?id=a

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/richspri/public_html/profile.php on line 34

Hmmm, ok thanks.

I'm not really sure how to hide the full path of a MySQL error like that.

The rest should be pretty easy to fix.

I can't do anything now as I need to be up and at work in 7 hours.

Thanks for that, will get them fixed and re-post the link after it's updated.

Thanks

Rich

I'm not really sure how to hide the full path of a MySQL error like that.

You could do something like

if (!is_numeric($_GET['id'])) {
    $_GET['id'] = '1'; /* Set the default ID to 1 if a non-numeric character is used. */
}

or

if (!is_numeric($id)) {
    $id = '1'; /* Set the default ID to 1 if a non-numeric character is used. */
}

depending on the method you use.

 

I also PMed you another security issue.

  • 2 weeks later...
  • 1 month later...

You have major injection; I'll try to help best I can.

Try something like:

<?php

function connected() {
   /* Create a new mysqli object with database connection parameters */
   $mysqli = new mysqli('localhost', 'user', 'pass', 'database');

   if (mysqli_connect_errno()) {
      echo "Connection Failed: " . mysqli_connect_errno();
      exit();
   }

   /* The connection has to be returned, otherwise $connect below is null */
   return $mysqli;
}

function clean($text)
{
   /* Strip tags and surrounding whitespace. No SQL escaping is done here:
      the values are bound as prepared-statement parameters below (and
      mysql_real_escape_string belongs to the old mysql extension, not mysqli).
      HTML-encoding with htmlentities(..., ENT_QUOTES) belongs at output time. */
   return trim(strip_tags($text));
}

$username = clean($_POST['username'] ?? '');
$password = clean($_POST['password'] ?? '');

// using a mysqli prepared statement to prevent any other injection
// (the password is compared in plain text here, as in the original snippet)
$connect = connected();
$stmt = $connect->prepare("SELECT * FROM users WHERE username = ? AND password = ?");
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
?>
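The two replies above (validating the id before it reaches the query, and switching to mysqli prepared statements) can be combined with error handling that keeps file paths out of the browser. The following is an added example written for this thread, not code from any of the posters; it assumes a users table with id, name and website columns, which the thread does not show.

```php
<?php
// Added example (not from the thread): a hardened profile.php sketch covering the
// three findings reported above: full path disclosure on profile.php?id=a,
// SQL injection via the id, and XSS in the Name/Website fields.
// Assumed (not from the thread): a `users` table with columns id, name, website.

// 1. Never print PHP warnings (which include file paths) to the browser; log them.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// 2. Make mysqli throw exceptions instead of emitting path-revealing warnings.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// 3. Validate the id as a positive integer before it gets anywhere near SQL.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Invalid profile id.');
}

try {
    $mysqli = new mysqli('localhost', 'user', 'pass', 'database');
    $mysqli->set_charset('utf8mb4');

    // 4. Bound parameter: the value travels separately from the SQL text.
    $stmt = $mysqli->prepare('SELECT name, website FROM users WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
} catch (mysqli_sql_exception $e) {
    // Generic message for the visitor; the details (and the path) go to the log only.
    error_log('profile.php DB error: ' . $e->getMessage());
    http_response_code(500);
    exit('Sorry, something went wrong.');
}

if ($row === null) {
    http_response_code(404);
    exit('No such profile.');
}

// 5. Encode at output time, so a name like "><marquee> is rendered as text, not markup.
$name    = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
$website = htmlspecialchars($row['website'], ENT_QUOTES, 'UTF-8');
echo "<h1>{$name}</h1>\n";
echo "<p>Website: {$website}</p>\n";
?>
```

With display_errors off, a request such as profile.php?id=a now gets a 400 response instead of the mysql_fetch_array() warning quoted earlier in the thread.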

  • 3 months later...

Nah, I didn't hijack it,

I just thought it's funny how ignoring a problem doesn't make it go away. If you read back you'll see that he identified a problem on the 5th of Feb, then 16 days later he said he solved it, then a month later someone pointed out another problem, and then 3 months after that it's hijacked...

  • 4 weeks later...

I lol'd upon reading this. God, I love humanity.

Poor guy, that his site got hacked... but still. Better hope he had backups. ;)

 

Just curious, how would you do this with XSS? I could've sworn that XSS was just client-side, as PugJr said... how would you be able to modify files? Obviously mcenter.php, search.php, editprofile.php, and main.php were deleted (or moved). How would you do something like that with XSS?

You cannot. Likely another hole was used.

 

Does anyone know what hole it was? In any case, the situation MadTechie wrote about ('solved.. month later someone points .. problem.. 3 months after.. hijacked..') is simply humorous. I wonder how fun it is to create a script and keep exploiting and fixing it.

Knowing nothing about the site, and the fact that it no longer exists so we can't check, makes it somewhat difficult to answer that question. It could be RFI, or maybe another script on the server was vulnerable. I make anything but wild guesses.

 

Still, it was somewhat of a good answer. ;D Cheers. I hope this guy isn't quitting coding over this issue. He should be racking his brains fixing problems and not making the same mistake again.

 

*Takes down notes: RFI, another script, security exploits, bla bla*
