Jump to content

Recommended Posts

In the code for a script i'm using on my website it has code to prevent SQL Code injection, but for some reason everytime you go to a page with this code in it I get an email about a Hacking Attempt.

 

The Code is:

//This prevents SQL Code injection / XSS Attacks. 

function replace_meta_chars($string){ 
	return @eregi_replace("([*])|([|])|([;]|([`])","",$string); 
} 

while(list($keyx,$valuex) = each($_REQUEST)){ 
	if(eregi("([*])|([|])|([;])",$valuex)){ 
		mail($set['contact_email'],"Hack Alert","There's been a SQL Injection hacking attempt. $HTTP_REFERRER $REMOTE_ADDR","FROM:".$ir['email']); 
		echo "test";
	} 
} 

reset ($_REQUEST); 
while(list($keyx,$valuex) = each($_REQUEST)){ 
	${$keyx} = replace_meta_chars($valuex); 
}
//end anti SQL XSS script

 

I've been studying this code and can't figure out why it keeps sending me an email.

Link to comment
https://forums.phpfreaks.com/topic/168822-prevent-sql-code-injection/
Share on other sites

Where did you get that code? Seems more complicated than it needs to be. Specifically this line:

while(list($keyx,$valuex) = each($_REQUEST)){

 

I think it could be simplified as

foreach ($_REQUEST as $keyx => $valuex)

 

In any event, I don't see anything 'logically' wrong with the test being done. But, the REQUEST variable contains all data in POST, GET and COOKIE. If there is anything in only one of those variables that does contains one of the disallowed characters you will receive an email.

 

Personally, that is a stupid test in my opinion. Did you tell the user they can't use those characters? Even so, why should you care if someone does use those characters? Your code should properly handle those characters using mysql_real_escape_string() function. So, there is no reason to disallow those characters or even do a "hack" check.

 

But, if you really want to know why you are getting the emails, just add additional information to the email to identify the variable and value where the error is being triggered.

	while(list($keyx,$valuex) = each($_REQUEST)){ 
	if(eregi("([*])|([|])|([;])",$valuex)){
		$msg = "There's been a SQL Injection hacking attempt. $HTTP_REFERRER $REMOTE_ADDR\n\n";
		$msg .= "Key: $keyx\n Value: $valuex";
		mail($set['contact_email'],"Hack Alert", $msg,"FROM:".$ir['email']); 
		echo "test";
	} 
} 

 

However the REQUEST variable won't be able to tell you where that key/value is coming from (i.e. POST, GET, COOKIE).

You paid for that?  ;D  Well, then, use it if you wish.

 

I also think that code is less than optimal based upon the fact that one page load can cause multiple emails if multiple values have the disallowed characters. I would consider one request with multiple questionable values as a single "hack" attempt.

 

Well, the results you received show that there is a key in either POST, GET or COOKIE of the name '__utmz' with a value of:

 

265474251.1249069436.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

 

You will have to determine if you need/want that value and take appropriate action. Either take out the code that creates that value, modify it to not use the | character, remove the "hack" validation script, etc. etc.

 

EDIT: A quick google search seems to indicate that value is a cookie and is related to Google Analytics.

Yes, but to be honest, after doing a little more digging the whole "PTC" thing seems a little shady to me. All I found were numerous forum posts of immature arguments over which PTC script was the best and which ones have been "nulled", etc. Plus, there were numerous references to torrents and warez. I'm not comfortable in helping you to do something that may not be above board.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.