What is User Enumeration? How do i prevent it?

[tommyda]

I am stuck and cannot find any information online about User Enumeration and what i should do to prevent it

 

can anyone help me

[teng84]

Enumeration ???

[L]

User Enumeration:

some mysql injection thing probably...I need help with that too...guys over at beta testing test against this so prevention is needed!!

[darkfreaks]

MYSQL why not just use strip_tags and mysql_real_escape_string? ???

[L]

I know, I did use both...but it says for me

 

User Enumeration: http://infinitevortex.6te.net/~root/

 

 

[teng84]

bad i dont know whats that @&*^!@ can any body explain that thing

[darkfreaks]

An enumeration. A string object that can have only one value, chosen from the list of values 'value1', 'value2', ..., NULL or the special '' error value. An ENUM column can have a maximum of 65,535 distinct values. ENUM values are represented internally as integers.

 

[teng84]

i that what they mean hmm SQL i never thought they mean SQL ENUM

[darkfreaks]

yeah its SQL ENUM

 

he just needs an example of how to do it

 

 

use something like

 

 

<?php

$sql = "SHOW COLUMNS FROM members LIKE 'membertype'";
$qry = mysql_query($sql);
$res = mysql_fetch_object($qry);
// This returns a row with a field 'Type' containing 'enum(...)'

$res->Type = str_replace('enum', 'array', $res->Type);

eval(" \$memberTypes = $res->Type; ");


foreach($memberTypes as $type) {
echo "<option...etc."
}


?>