Soverign Posted December 13, 2006

Hi, recently my login script has been PHP injected. Here is the script, and I don't know very much at all about PHP; I bought this script. Here it is:

[code]
<?php
if(isset($HTTP_POST_VARS['usern'])) {
    $usern = strip_tags($HTTP_POST_VARS['usern']);
    $passw = strip_tags($HTTP_POST_VARS['passw']);
    setcookie("Username",$usern);
    setcookie("Password",$passw);
    header("Location: member.php");
    exit();
}
require('dblogon.php');
require('std_l.php');
?>
<center>
<?php
if(isset($_GET['error']) && $_GET['error']=="hl") {
    if(isset($_GET['data']) && is_numeric($_GET['data'])) {
        echo "Your account is in holiday mode, and cannot be accessed for another ".$_GET['data']." ticks.<br>\n";
    } else {
        echo "Your account is in holiday mode, and cannot be accessed.<br>\n";
    }
}
?>
<table border="0" cellpadding="2px" cellspacing="0" width="300px">
<form method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<?php
if(isset($_GET['forget']) && $_GET['forget']==1) {
    echo "<tr><td>Email address</td><td><input type=\"text\" name=\"email\" maxlength=\"200\" class=\"sdinp\"></td></tr>\n";
    echo "<tr><td></td><td><input type=\"submit\" value=\"Recover\" class=\"sdbut\"></td></tr>\n";
} else if(isset($_POST['email'])) {
    // the posted e-mail address goes straight into the SQL string, unescaped
    $result = mysql_query("SELECT email,username,password FROM userinf WHERE email='".$_POST['email']."' ", $db);
    if(mysql_num_rows($result)) {
        $retval = mysql_fetch_array($result);
        $msg = "Your account information is as follows:\n \n";
        $msg.= "Username: ".$retval['username']."\n";
        $msg.= "Password: ".$retval['password']."\n";
        mail($retval['email'],$title.": Account info",$msg,"From: $title");
        echo "<tr><td align=\"center\"><b>Your account information has been emailed to you!</b></td></tr>\n";
    } else {
        echo "<tr><td align=\"center\"><b>Account not found!</b></td></tr>\n";
    }
} else {
    echo "<tr><td>Username</td><td><input type=\"text\" name=\"usern\" maxlength=\"50\" class=\"sdinp\"></td></tr>\n";
    echo "<tr><td>Password</td><td><input type=\"password\" name=\"passw\" maxlength=\"50\" class=\"sdinp\"></td></tr>\n";
    echo "<tr><td></td><td><input type=\"submit\" value=\"Log me in\" class=\"sdbut\"></td></tr>\n";
    echo "<tr><td colspan=\"2\"> </td></tr>\n";
    echo "<tr><td colspan=\"2\" align=\"center\"><a href=\"login.php?forget=1\">[ forgotten password? ]</a></td></tr>\n";
}
?>
</form>
</table>
</center>
<?php require('std_r.php'); ?>
[/code]

Thanks. BTW, I'm a real "noob" at this, please help me someone, just maybe tell me what I can add to the code. Thanks.
.josh Posted December 13, 2006

It's because you are using a posted variable directly in your query without sanitizing it.

[code]
$email = mysql_real_escape_string($_POST['email']);
$result = mysql_query("SELECT email,username,password FROM userinf WHERE email='$email' ", $db);
[/code]
Soverign (Author) Posted December 13, 2006

First of all, THANKS for the response. Secondly, can you show me what and where I must add to fix it? Thanks mate.
hitman6003 Posted December 13, 2006

Crayon did.....

[quote author=Crayon Violent link=topic=118511.msg484311#msg484311 date=1166043224]
[code]
$email = mysql_real_escape_string($_POST['email']);
$result = mysql_query("SELECT email,username,password FROM userinf WHERE email='$email' ", $db);
[/code]
[/quote]
Soverign (Author) Posted December 13, 2006

Sorry about that :( but where do I put it? Do I overwrite the current section? Can you show me a before and after of that section?

*EDIT*

[code]
echo "<tr><td>Email address</td><td><input type=\"text\" name=\"email\" maxlength=\"200\" class=\"sdinp\"></td></tr>\n";
echo "<tr><td></td><td><input type=\"submit\" value=\"Recover\" class=\"sdbut\"></td></tr>\n";
$email = mysql_real_escape_string($_POST['email']);
$result = mysql_query("SELECT email,username,password FROM userinf WHERE email='$email' ", $db);
[/code]

Should that section look like that? And that's it? That's all I need to do to stop the PHP or MySQL injections?
SharkBait Posted December 14, 2006

The section you have that looks like this:

[code]
<?php
} else if(isset($_POST['email'])) {
    $result = mysql_query("SELECT email,username,password FROM userinf WHERE email='".$_POST['email']."' ", $db);
    if(mysql_num_rows($result)) {
?>
[/code]

Make it look like:

[code]
<?php
} else if(isset($_POST['email'])) {
    // escape the posted value, then use the escaped copy in the query
    $email = mysql_real_escape_string(trim($_POST['email']));
    $result = mysql_query("SELECT email,username,password FROM userinf WHERE email='$email' ", $db);
    if(mysql_num_rows($result)) {
?>
[/code]

You're taking out anything that can be harmful to a SQL query prior to the query itself. Just make sure you don't use the <?php and ?> like I do (that helps with color coding PHP in the forum).
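An added example, not code from the thread or from the purchased script: the same forgotten-password lookup written safely, first with the escaping fix given above and then as a mysqli prepared statement, which is the form to use on PHP versions where the old mysql_* functions no longer exist. It assumes a connected mysqli object `$mysqli` (placeholder credentials) and the `userinf` table and column names from the script in the first post.

```php
<?php
// Added example (not the thread's code). Placeholder credentials: replace with
// whatever dblogon.php in the original script actually connects with.
$mysqli = new mysqli('localhost', 'DB_USER', 'DB_PASS', 'DB_NAME');
if ($mysqli->connect_error) {
    die('Database connection failed');
}

// Variant 1: the fix from the thread. The untrusted value is escaped before it
// is spliced into the SQL text, so a quote inside it cannot end the string literal.
function find_account_escaped(mysqli $mysqli, string $email): ?array
{
    $safe = mysqli_real_escape_string($mysqli, trim($email));
    // select only the columns the caller needs
    $sql  = "SELECT email, username FROM userinf WHERE email = '$safe'";
    $result = mysqli_query($mysqli, $sql);
    $row = $result ? mysqli_fetch_assoc($result) : null;
    return $row ?: null;
}

// Variant 2: a prepared statement. The value is sent separately from the SQL
// text, so nothing inside $email can change the structure of the query at all.
function find_account_prepared(mysqli $mysqli, string $email): ?array
{
    $email = trim($email);
    $stmt = $mysqli->prepare("SELECT email, username FROM userinf WHERE email = ?");
    $stmt->bind_param('s', $email);   // 's' binds the value as a string
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Constructed input: an apostrophe is legal in the local part of an e-mail address.
// In the original query it would have terminated the quoted literal; escaped or
// bound it is plain data and the lookup still matches the right row.
$email   = $_POST['email'] ?? "o'brien@example.com";
$account = find_account_prepared($mysqli, $email);

if ($account === null) {
    echo "Account not found!\n";
} else {
    // escape on the way out to the browser too
    echo "Account found for " . htmlspecialchars($account['username']) . "\n";
}
```

`find_account_escaped` is kept only to show the thread's fix in modern function form; for new code, use the prepared-statement variant.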
Soverign (Author) Posted December 14, 2006

Great, thanks boys, I'll get back to you on this, I appreciate the help. Hopefully he won't be injecting anymore. Is there any other way he can?
.josh Posted December 14, 2006

Well, nothing is ever 100%. There's really no way we could begin to give you an honest security assessment without looking at your script from top to bottom, and even everything else on your server, including the setup itself, which we don't really do... but simple things like this will keep most of the little script kiddies at bay.