utspam Posted January 4, 2010

New to all this - please be gentle. Need help with securing before testing it here. Sample code follows:

//////////////////////
// CODE
<?php
// CONNECT TO DATABASE
include "config/connect.php";

// IF A SEARCH WAS REQUESTED
if (isset($_GET['search'])) {
    $search = $_GET['search'];
    $search = strip_tags($search);
    $search = stripslashes($search);
    echo "<title>Searching for $search</title>";
}

echo "<img src=\"images/logo_480.jpg\"><p>";
echo "Search Listings:";
echo "<form method=\"GET\" action=\"searchpage.php\" name=\"listingssearch\">";
echo "<input type=\"text\" name=\"search\">";
echo "<input type=\"Submit\" name=\"Search\" value=\"Search\">";
echo "</form>";
echo "<p>";

if (isset($_GET['search'])) {
    $sql = mysql_query("SELECT * FROM links WHERE approved = '1' AND sitename LIKE '%$search%'");
    while ($row = mysql_fetch_array($sql)) {
        $id = $row["id"];
        $company = $row["sitename"];
        echo "$id : $company<br />";
        // MORE STUFF HERE
        echo "- - - - - - - - - - - -<br />";
    }
}
?>
// CODE
////////////////////

It apparently passes the XSS Me tests but not the Access Me tests:

= = = = = = = = = = = = = = =
Attack Details:
* HTTP Method: SECCOMP
The attacked page is dangerously similar to the original page. It is 100% similar.
Got access to a resource that should be protected.
Server response code: 200 OK.

searchpage.php :: Http Method
Attack Details:
* HTTP Method: HEAD
Got access to a resource that should be protected.
Server response code: 200 OK.
The attacked page is not very similar to the original page. It is 8.333% similar.
= = = = = = = = = = = = = = =

I want to learn so don't tell me the answers, but please point me in the right direction. Thanks in advance.
ignace Posted January 4, 2010

$search = stripslashes($search);

That is OK if you want to output it in your title bar and magic_quotes is on. However, before you insert it into the query you should addslashes.
Adam Posted January 12, 2010

$search = stripslashes($search);

I'd suggest reading up on magic quotes, as it looks like you're trying to implement code using this deprecated feature. You should be applying mysql_real_escape_string to secure your input strings instead. At the moment your $search variable is open to SQL injection; even if magic quotes is turned on, you're actually removing the slashes it adds to protect against SQL attacks.
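To make the two replies concrete, here is an added example of the poster's search page rewritten along the lines ignace and Adam suggest: undo magic_quotes only when it is actually on, escape with mysql_real_escape_string right before the query, and escape the LIKE wildcards and the HTML output as well. This is not the original poster's code nor either reply author's; it assumes, as the poster's script does, that config/connect.php opens the mysql_* connection, and the helper names (raw_input, escape_like_term, h) are my own.

```php
<?php
// Added example, not the original poster's or any reply author's code.
// Assumes config/connect.php opens the mysql_* connection before any
// escaping is done (mysql_real_escape_string needs an open connection).
include "config/connect.php";

// Undo magic_quotes_gpc only when it is really on, so the string is back
// to exactly what the user typed before we apply our own escaping.
function raw_input($value)
{
    return get_magic_quotes_gpc() ? stripslashes($value) : $value;
}

// Escape for use inside a quoted SQL literal that is also a LIKE pattern.
// Order matters: SQL escaping first (quotes, backslashes, NUL, newlines),
// then the LIKE wildcards, so a search for "100%" matches literally instead
// of acting as a wildcard. MySQL keeps \% and \_ as literal % and _ in LIKE.
function escape_like_term($term)
{
    $escaped = mysql_real_escape_string($term);
    return str_replace(array('%', '_'), array('\\%', '\\_'), $escaped);
}

// Escape for HTML output so the search term cannot inject markup or script.
function h($text)
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

$search = isset($_GET['search']) ? raw_input($_GET['search']) : null;

if ($search !== null) {
    echo "<title>Searching for " . h($search) . "</title>";
}

echo "<img src=\"images/logo_480.jpg\"><p>";
echo "Search Listings:";
echo "<form method=\"GET\" action=\"searchpage.php\" name=\"listingssearch\">";
echo "<input type=\"text\" name=\"search\">";
echo "<input type=\"Submit\" name=\"Search\" value=\"Search\">";
echo "</form>";
echo "<p>";

if ($search !== null) {
    $term = escape_like_term($search);
    $result = mysql_query(
        "SELECT id, sitename FROM links "
        . "WHERE approved = '1' AND sitename LIKE '%" . $term . "%'"
    );
    if ($result === false) {
        // Never echo mysql_error() to the visitor; log it server-side instead.
        error_log("search query failed: " . mysql_error());
        echo "Search is temporarily unavailable.";
    } else {
        while ($row = mysql_fetch_assoc($result)) {
            echo h($row["id"]) . " : " . h($row["sitename"]) . "<br />";
            echo "- - - - - - - - - - - -<br />";
        }
    }
}
?>
```

Two things worth checking when you try this: mysql_real_escape_string returns false (and emits a warning) if no connection is open yet, so the include must run first; and strip_tags is no longer needed for safety once the output goes through htmlspecialchars, which preserves what the user typed rather than silently mangling it.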