Zepo. Posted June 1, 2007 Share Posted June 1, 2007 We've been having problems with the database getting played around with. So can someone go through for security holes please, ftb2.elitebattles.com/standings.php Thanks so much -Zepo. Link to comment https://forums.phpfreaks.com/topic/53918-security-issues/ Share on other sites More sharing options...
agentsteal Posted June 2, 2007 Share Posted June 2, 2007 Cross Site Scripting: http://ftb2.elitebattles.com/cgi-sys/scgiwrap/<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://ftb2.elitebattles.com/manager.php?login[id]='<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://ftb2.elitebattles.com/report.php?login[id]='<marquee><h1>vulnerable</marquee> Full Path Disclosure: http://ftb2.elitebattles.com/cgi-sys/scgiwrap/ SQL Error: http://ftb2.elitebattles.com/standings.php?ladder[id]=9&ladder[rank]=' User Enumeration: http://ftb2.elitebattles.com/~burly Link to comment https://forums.phpfreaks.com/topic/53918-security-issues/#findComment-266734 Share on other sites More sharing options...
kenrbnsn Posted June 2, 2007 Share Posted June 2, 2007 To protect links from the forum software, either put them in blocks or surround them with [nobbc][/nobbc] tags. Ken Link to comment https://forums.phpfreaks.com/topic/53918-security-issues/#findComment-266835 Share on other sites More sharing options...
kathas Posted June 2, 2007 Share Posted June 2, 2007 for the problem caused in agantsteal's last post... You haven't put the number in single quotes in your sql query. It looks like this `rank` = (number) while it should look like this `rank` = '(number)' or you could force the (number) to be really a number <?php $number = (int)$_GET['rank']; //this returns 0 when not a numeric value is assigned ?> Link to comment https://forums.phpfreaks.com/topic/53918-security-issues/#findComment-266875 Share on other sites More sharing options...
Zepo. Posted June 2, 2007 Author Share Posted June 2, 2007 Im guessing then it would be somewhere in here: if(!$ladder[rank]){ $ladder[rank]="1"; } $ladder[rank]=($ladder[rank] - 1); if ($ladder[unranked]){ $rcount="-"; }else{ $rcount="$ladder[rank]"; } if($ladder[unranked]){ $whereranked="WHERE rank < 1"; $rankswitch="Showing Unranked $teamsword :: <a href='$config[scripturl]/standings.php?ladder[id]=$ladder[id]&ladder[unranked]=0'><font face='verdana' size='-2' color='#FFFFFF'>[Ranked]</a>"; }else{ $whereranked="WHERE rank > 0"; $rankswitch="Showing Ranked $teamsword :: <a href='$config[scripturl]/standings.php?ladder[id]=$ladder[id]&ladder[unranked]=1'><font face='verdana' size='-2' color='#FFFFFF'>[unranked]</a>"; } Link to comment https://forums.phpfreaks.com/topic/53918-security-issues/#findComment-266993 Share on other sites More sharing options...
Recommended Posts