sniperkid (06.07.2005 11:20:51, edited 06.07.2005 11:21:03):
Didn't know quite where to put this, but how easily do you think this could be exploited (this is part of my site btw)?

    $username = $_POST['username'];
    $password = $_POST['password'];
    $query = "SELECT * From users WHERE username = '$username' AND password = '$password'";

Also it sets a cookie with the username and password, and every page that you open is tested to see if it exists and if it's correct. If you want to PM me instead of letting people exploit it then feel free.

sebasjm (06.07.2005 13:36:00, edited 06.07.2005 13:39:41):
Hi sniperkid! I'm not so good with the exploit it! but I think I can help you, indeed I will try.

First, the best you can do when you use variables by POST, GET, Cookie, etc. is first ask if they exist, like this:

    $username = isset($_POST['username']) ? $_POST['username'] : "";
    $password = isset($_POST['password']) ? $_POST['password'] : "";

So these 2 vars will always have a value, but they can't have any value!!! What I would do is to check them for just having chars from A to Z and a to z (or maybe 0 to 9 too) and if they don't, say to the user that he put bad values. All these checks are in the server, of course.

And for the cookie, I suggest to you to use PHP sessions, because you have all the vars in the server side and they (the users) can't see anything except the PHP session ID. Otherwise they can change the value of the vars. (And you don't have to check if the user exists every time.)

I hope that it helps you. And let me know if I made a mistake up there, I'm learning too!! Good Luck!

EDIT: I almost forgot. Here is everything -----> php.net <-----

SebaS!

theblacksheep (24.07.2005 13:07:16):
I would use:

    $username = mysql_escape_string($_POST['username']);
    $password = mysql_escape_string($_POST['password']);

If you do not filter the input it might be possible to inject SQL information depending on your PHP configuration.

alt3rn4tiv3 (24.07.2005 13:24:21):
I usually check for isset() and empty() first, then I have a function which I always use (for MySQL or not):

    function aformat($msg) {
        $nmsg = urlencode(addslashes(htmlspecialchars(htmlentities($msg))));
        return $nmsg;
    }

If necessary, I'll add regexp too.

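Added example (Python with sqlite3, not code from anyone in this thread): the string-built login query from sniperkid's first post beside a parameterized version of the same query, plus the letters-and-digits whitelist that sebasjm suggests. The `users` table and its single row are constructed for the demo. It shows why escaping or filtering is a patch on the wrong layer: when input is pasted into the SQL text, a quote in a perfectly ordinary value like `O'Brien` breaks the statement, and a quote followed by SQL changes what the statement means, while bound parameters hand the same bytes to the driver as data and the statement keeps its shape.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the thread's `users` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_string_built(conn, username, password):
    """Mirrors the first post: user input is spliced into the SQL text.
    Returns the number of rows matched, or -1 if the input broke the SQL."""
    query = ("SELECT * FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    try:
        return len(conn.execute(query).fetchall())
    except sqlite3.OperationalError:
        # A stray quote turned data into (broken) SQL. SQL syntax errors
        # coming from a login form are a useful signal to alert on in logs.
        return -1


def login_parameterized(conn, username, password):
    """Same query with bound parameters. The driver sends the values
    separately from the statement, so quotes never alter its structure."""
    rows = conn.execute(
        "SELECT * FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchall()
    return len(rows)


# Whitelist from sebasjm's post: A-Z, a-z and 0-9 only, with a length cap
# (the cap is an added assumption, not something the thread specifies).
USERNAME_RE = re.compile(r"^[A-Za-z0-9]{1,32}$")


def username_is_acceptable(username):
    """Reject anything outside the whitelist before it reaches the query."""
    return bool(USERNAME_RE.match(username))


if __name__ == "__main__":
    db = make_db()
    for user, pw in [("alice", "correct-horse"), ("O'Brien", "x"), ("alice", "' OR '1'='1")]:
        print(repr(user), repr(pw),
              "string-built:", login_string_built(db, user, pw),
              "parameterized:", login_parameterized(db, user, pw),
              "whitelist ok:", username_is_acceptable(user))
```

Run stand-alone, the third line of output is the one to look at: the string-built query matches a row without the real password, the parameterized one matches nothing. Note that the whitelist only covers the username here; the password field needs the parameterized query because a password legitimately contains any character.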
diskis (30.08.2005 20:48:01):
That's pretty much what I usually use... but I do store the hash in the cookie, not the real pass:

    setcookie("usercookie", $user);
    setcookie("passcookie", md5sum($password));

and then check it with:

    sanitycheck($_COOKIE["usercookie"]);  // general-purpose filter, lets through a..z and 0..9
    $result = select password from users where user = $_COOKIE['usercookie'];
    if (md5sum($result[password]) != $_COOKIE["passcookie"]) {
        die("don't tamper with your cookies, please");
    } else {
        go on with code
    }

Well, it used to add a bit of security, now it's just a nuisance, after those online reverse lookup tables for md5sums appeared.

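Added example (Python, not code from anyone in this thread) of the two fixes raised in sebasjm's and diskis's posts: a server-side session keyed by a random id instead of a cookie carrying the username and a password hash, and a salted, deliberately slow password hash in place of the bare md5 that diskis notes is defeated by online lookup tables. The `USERS` dictionary and `SessionStore` are constructed stand-ins for the database and for PHP's session storage; the PBKDF2 round count is a constructed value.

```python
import hashlib
import hmac
import os
import secrets

# Constructed work factor; raise it until a hash takes a noticeable
# fraction of a second on the server that will run it.
PBKDF2_ROUNDS = 100_000


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256, stored as 'salthex$digesthex'.
    A per-user random salt makes precomputed lookup tables useless, and
    the round count makes each guess expensive."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


class SessionStore:
    """Server-side session table. The browser only ever holds the opaque
    random id; who is logged in is decided from this table, not from
    anything the client can edit."""

    def __init__(self):
        self._sessions = {}

    def create(self, username):
        session_id = secrets.token_urlsafe(32)
        self._sessions[session_id] = {"username": username}
        return session_id

    def lookup(self, session_id):
        return self._sessions.get(session_id)

    def destroy(self, session_id):
        self._sessions.pop(session_id, None)


USERS = {}  # constructed stand-in for the users table: username -> stored hash


def register(username, password):
    USERS[username] = hash_password(password)


def login(store, username, password):
    """Check the password once, at login, and hand back a session id
    (the value that would go into the cookie). Returns None on failure."""
    stored = USERS.get(username)
    if stored is None or not verify_password(password, stored):
        return None
    return store.create(username)


def page_request(store, cookie_session_id):
    """What the per-page include should do instead of re-checking the
    username and password from cookies on every hit."""
    session = store.lookup(cookie_session_id)
    if session is None:
        return "redirect-to-login"
    return "page for " + session["username"]


if __name__ == "__main__":
    store = SessionStore()
    register("alice", "correct-horse")
    sid = login(store, "alice", "correct-horse")
    print("stored record:", USERS["alice"])
    print("cookie value:", sid)
    print(page_request(store, sid))
    print(page_request(store, "made-up-id"))
```

Two things the thread's cookie scheme cannot offer fall out of this design: a session can be revoked on the server by deleting its row, and a leaked cookie exposes a random token rather than a reusable credential.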
brainpower (01.09.2005 07:04:28):
Use less common variables on the server side (e.g. $uname, $pswrd).

sniperkid (23.01.2006 14:35:32):
It isn't my site, but from what I can understand it sets username = $username and password = $password (variables are entered values and are not null). And on every page (in an include) it checks the database to see if the username and password are correct; if they are then it displays the page, if they aren't then it removes the cookie and puts you back to the login page. I was thinking a bit of SQL injection for the password field but no success so far. I'll keep trying.

sebasjm (24.01.2006 21:48:52):
Hi brainpower, using less common variables will make the source code less readable, I don't think that is a good idea. Maybe deny access to those vars and check all the inputs, but that is what it's all about, isn't it? Bye.

brainpower (25.01.2006 13:49:39):
Hi sebasjm, yes it will make the source less readable, but if they find a bug in the source (example: no correct use of echo()) they will not find the vars like your password or something else so easily. Greets, Brainpower