sql injection

[ak406]

would someone be able to test my site http://thefreebielife.com for sql injection please?

[MadTechie]

on login.php & register.php

 

i got a few

 

i didn't test to check if your server accepts union, if it does you need to clear these problems as a added drop would be a pain, or any other types on injection

 

Could not insert data because You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '96b38fb32572a57bfd7b0272a7ba6838'' at line 1

 

and

 

Could not insert data because You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"' and password='96b38fb32572a57bfd7b0272a7ba6838'' at line 1

 

ie

http://thefreebielife.com/register.php?gid='&r=111-222-1933email@address.com

 

you need to keep an eye on gid as it accepts anything

[ak406]

thanks for checking...how do i fix this

 

i made it so that it stops it if gid is not a number

[MadTechie]

$gid = (int) $_GET['gid'];

[ak406]

how could this be dangerous?

[MadTechie]

i got a SQL error that means the system passed the value to the SQL routine hence unfiltered

[agentsteal]

Cross Site Scripting:

http://www.thefreebielife.com/<marquee><h1>vulnerable</marquee>

[ak406]

ok so it gets passed to the sql but can someone use that in a dangerous way

[MadTechie]

erm.. well Yes..

[ak406]

how so like waht can be done

[rcorlew]

When you read up on sql inection you will find that people will submit almost anything into any input type fields they can in order to produce errors.

 

Since you are using or die(mysql_error()); at the end of your queries you show what types of errors are coming up.

 

You should also use this at the top of every page that is publicly visible:

 

<?php

error_reporting(0);

ini_set('register_globals', 0);

?>

 

You should not be needing to register globals if you write your scripts right. You should also hide error information in your php. Once an error is printed to the user they have your directory tree and username on the server. That is the information that a hacker needs to get your sessions in order to retreive passwords and other various sensitive information.

 

SQL injectection can allow hackers to insert code into your db that allows them to get cookie information from users and table/column information from the server itself. You may have no idea that you have been hacked until it is way too late.

 

I was doing some homework on sql incetion and xss and found that they will insert java as part of a regular for input which is loaded next time the information is viewed and executed by the users computer who more than likely will be an authenticated user and have a real name and pass word which is then mailed to a dead drop email address and then that is all she worte for your data security.

 

bottom line = sql inection very bad not filtering inputs really really really bad, the two together will definatley get you hacked sooner orlater.

 

[ak406]

thanks for all the help

 

 

i appreciate it

[davidg80]

i was able to login with: admin' OR 1='1 all personal data came up