richarro1234 Posted February 5, 2009 Share Posted February 5, 2009 Hey, can some nice people test my site for SQL injection please? i say nice people as i dont want my database to be gone when i get back from work lol. i would just like to know what threats there are and what page(s) they are one. Here is the link http://www.futurehost.org/index.php i have added a link back to my php freaks profile, (i think i saw something saying there needed to be a link back to your profile to proove you own the site?) Thanks Rich Link to comment Share on other sites More sharing options...
Coreye Posted February 5, 2009 Share Posted February 5, 2009 i have added a link back to my php freaks profile Where? Link to comment Share on other sites More sharing options...
richarro1234 Posted February 6, 2009 Author Share Posted February 6, 2009 top of the header, should show up at the very very top of the page. Link to comment Share on other sites More sharing options...
richarro1234 Posted February 6, 2009 Author Share Posted February 6, 2009 anyone? Link to comment Share on other sites More sharing options...
Coreye Posted February 7, 2009 Share Posted February 7, 2009 top of the header, should show up at the very very top of the page. I don't see it. Do we have to login to see it? I viewed the source and there is no PHPFreaks.com profile link. It would be best if it was on the index. Link to comment Share on other sites More sharing options...
richarro1234 Posted February 7, 2009 Author Share Posted February 7, 2009 there, its in the welcome message bit: Welcome to Nosepad, the future of social networking! Sign up today and start making friends! It's fast, easy and free! Sign up and get connected with all your friends! The best way to keep in touch, share photos, create groups and events! PHP FREAKS PROFILE Site Statistics People Online: Guests Online: 0 Members Online: 0 Cant miss it. Thanks Rich Link to comment Share on other sites More sharing options...
Coreye Posted February 8, 2009 Share Posted February 8, 2009 Cross Site Scripting (XSS): The 'Name' field is vulnerable to XSS attacks when editing a user's profile. Cross Site Scripting (XSS): The 'Website' field is vulnerable to XSS attacks when editing a user's profile. Cross Site Scripting (XSS): http://www.futurehost.org/search.php?q="><marquee><h1>test Cross Site Scripting (XSS): http://www.futurehost.org/index.php?note="><marquee><h1>test Cross Site Scripting (XSS): http://www.futurehost.org/mcenter.php?action=compose&name="><marquee><h1>test Cross Site Scripting (XSS): http://www.futurehost.org/mcenter.php?action=compose&subject="><marquee><h1>test Cross Site Scripting (XSS): http://www.futurehost.org/mcenter.php?note="><marquee><h1>test Cross Site Scripting (XSS): http://www.futurehost.org/editprofile.php?note="><marquee><h1>test Cross Site Scripting (XSS): http://www.futurehost.org/main.php?note="><marquee><h1>test Full Path Disclosure: http://www.futurehost.org/profile.php?id=a Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/richspri/public_html/profile.php on line 34 Link to comment Share on other sites More sharing options...
richarro1234 Posted February 8, 2009 Author Share Posted February 8, 2009 hmmm, ok thanks. im not really sure how to hide the fuill path of a mysql error like that. the rest should be pretty easy to fix. i cant do anything now as i need to be up and at work in 7 hours. Thanks for that, will get them fixed and re-post link after updated. Thanks Rich Link to comment Share on other sites More sharing options...
Coreye Posted February 8, 2009 Share Posted February 8, 2009 im not really sure how to hide the fuill path of a mysql error like that. You could do something like if(!is_numeric($_GET['id'])) { $_GET['id'] = '1'; /* Set the default ID to 1 if a non-numeric character is used. */ } or if(!is_numeric($id)) { $id = '1'; /* Set the default ID to 1 if a non-numeric character is used. */ } depending on the method you use. I also PMed you another security issue. Link to comment Share on other sites More sharing options...
Daniel0 Posted February 8, 2009 Share Posted February 8, 2009 i have added a link back to my php freaks profile Where? FYI, all new topics are moderated in this forum, so if you can see it then a moderator or administrator has manually approved it. Link to comment Share on other sites More sharing options...
runnerjp Posted February 19, 2009 Share Posted February 19, 2009 your able to psot comments as just a guest! Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/nosepad/public_html/profile.php on line 594 Link to comment Share on other sites More sharing options...
richarro1234 Posted February 21, 2009 Author Share Posted February 21, 2009 ok thanks, should have fixed this now, if you can still post can u let me no please. Thanks Link to comment Share on other sites More sharing options...
darkfreaks Posted April 3, 2009 Share Posted April 3, 2009 you have major injection i'll try to help best i can. try something like: <?php function connected(){ /* Create a new mysqli object with database connection parameters */ $mysqli = new mysqli('localhost', 'user','pass','database'); if(mysqli_connect_errno()) { echo "Connection Failed: " . mysqli_connect_errno(); exit(); } } function clean($text) { $text=trim(mysql_real_escape_string(strip_tags($text))); return $text; text.=html_entities($text,ENT_QUOTES); } $username=clean($_POST['username']); $password=clean($_POST['password']); //using mysqli prepared statement to escape any other injection $connect= connected(); $stmt=$connect ->prepare("SELECT*FROM users WHERE username=? AND password=?"); $stmt ->bind_param('ss',$username,$pasword); $stmt ->execute(); ?> Link to comment Share on other sites More sharing options...
xcoderx Posted July 14, 2009 Share Posted July 14, 2009 His site is hijacked how? Link to comment Share on other sites More sharing options...
MadTechie Posted July 14, 2009 Share Posted July 14, 2009 LMAO Link to comment Share on other sites More sharing options...
PugJr Posted July 15, 2009 Share Posted July 15, 2009 Lol poor him...I never realized you could hack a site just with XSS? I thought XSS only effects client side. Eg. J-script. Link to comment Share on other sites More sharing options...
xcoderx Posted July 15, 2009 Share Posted July 15, 2009 Pmpsl so Madtechie bro u the one to hijack his site??? I thought it was only a testing area never knew sites get hijacked here too hehehe. Link to comment Share on other sites More sharing options...
MadTechie Posted July 16, 2009 Share Posted July 16, 2009 Na, I don't hijack it, I Just thought its funny how ignoring a problem doesn't make it go away, if you read back your see that he identified a problem on the 5th of Feb, then 16 days later he said he solved it, then a month later someone points out another problem and then 3 months after that its hijacked.. Link to comment Share on other sites More sharing options...
xcoderx Posted July 16, 2009 Share Posted July 16, 2009 Rofl yeah and now his account suspended hehe Link to comment Share on other sites More sharing options...
bundyxc Posted August 13, 2009 Share Posted August 13, 2009 I lol'd upon reading this. God, I love humanity. Poor guy, that his site got hacked... but still. Better hope he had backups. Just curious, how would you do this with XSS? I could've sworn that XSS was just client-side, as PugJr said... how would you be able to modify files? Obviously mcenter.php, search.php, editprofile.php, and main.php were deleted (or moved). How would you do something like that with XSS? Link to comment Share on other sites More sharing options...
Daniel0 Posted August 13, 2009 Share Posted August 13, 2009 You cannot. Likely another hole was used. Link to comment Share on other sites More sharing options...
gabasc09 Posted August 13, 2009 Share Posted August 13, 2009 You cannot. Likely another hole was used. Anyone knows what hole it is? In any case, the situation MadTechie wrote about 'solved.. month later someone points .. problem.. 3 months after.. hijacked..' is simply humorous. I wonder how fun it is to create a script and keep exploiting-fixing it. Link to comment Share on other sites More sharing options...
Daniel0 Posted August 13, 2009 Share Posted August 13, 2009 Knowing nothing about the site, and the fact that it no longer exists so we can check, makes it somewhat difficult answering that question. It could be RFI or maybe another script on the server was vulnerable. I make anything but wild guesses. Link to comment Share on other sites More sharing options...
gabasc09 Posted August 14, 2009 Share Posted August 14, 2009 Knowing nothing about the site, and the fact that it no longer exists so we can check, makes it somewhat difficult answering that question. It could be RFI or maybe another script on the server was vulnerable. I make anything but wild guesses. Still, it was somewhat a good answer. Cheers. I hope this guy isn't quitting coding over this issue. He should be racking his brains on fixing problems and not making the same mistake again. *Takes down notes: RFI, another script, security exploits, bla bla* Link to comment Share on other sites More sharing options...
Recommended Posts