[Phpwm] site critique please

Dave Holmes Dave at neteffekt.co.uk
Tue Jan 16 17:45:35 GMT 2007


Phil, 

David just illustrated a symptom of the problem, in a kind, non-obtrusive
way.

A more malicious hacker would be tempted to try embedding commands in the
SQL, in particular commands which could grant user rights and access to
poorly configured servers. 

What David illustrated is you are taking parameters direct from the URL and
firing them straight at the database, when you should be performing a sanity
check or clean up.

In addition you should also consider the use of addslashes() to negate this
problem, as this would escape the apostrophe and MySQL would treat it as a
string.

Dave
 

-----Original Message-----
From: phpwm-bounces at mailman.lug.org.uk
[mailto:phpwm-bounces at mailman.lug.org.uk] On Behalf Of Phil Beynon
Sent: 16 January 2007 17:19
To: West Midlands PHP User Group
Subject: RE: [Phpwm] site critique please

> Phil Beynon wrote:
> > Hi all,
> >
> > Just finished my latest user content managed showcase site, if anyone on
> > the list would like to take a look and give me any feedback regarding any
> > aspect of it........
> >
> > http://www.ralphsutcliffeminerals.co.uk/index.php
> >
>
>
> I think it's vulnerable to SQL injection attacks, e.g.
>
> http://www.ralphsutcliffeminerals.co.uk/full_arc.php?ident=1768'888
>
> thanks
> David.
>
> --
> David Goodwin
>
> [ david at codepoets dot co dot uk ]
> [ http://www.codepoets.co.uk       ]
>

Hi David,

How?
All that's making it do is throw a MySQL error and immediately exit:

$result1 = mysql_query("SELECT * FROM page_content WHERE id = '$ident';");
if (!$result1) {
    echo("<p>Error performing query: " . mysql_error() . "</p>");
    exit();
}

There are a couple of variables that come from the siteconfig, but these would
overwrite anything injected due to when they are read in.

Phil

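Added example (not code from this thread or from the site under review): the same concatenated query as Phil's mysql_query() call, rebuilt in Python against an in-memory sqlite3 table standing in for page_content, with constructed rows. It runs David's probe (1768'888) to reproduce the error Phil saw, then two payloads a less polite visitor would try inside that one SELECT (a tautology that lists every row, and a UNION that reads a row the archive page never meant to show), then the quote-escaping Dave suggests, and finally the two measures that close the hole regardless of context: an integer sanity check on ident and a parameterised query. The table layout, its rows, the id 9001 draft row and all function names are assumptions made for the demonstration. sqlite3 has no backslash escape inside string literals, so the addslashes() step is emulated by doubling the apostrophe, which keeps it inside the string in the same way.

```python
import re
import sqlite3

# Constructed stand-in for the page_content table behind full_arc.php.
# sqlite3 replaces MySQL here; the rows and the id 9001 draft are invented.
SAMPLE_ROWS = [
    (1768, "Fluorite", "public page"),
    (1769, "Quartz", "public page"),
    (9001, "Unpublished draft", "not meant to be reachable from the archive"),
]


def make_db():
    """Build an in-memory table shaped like the one the PHP queries."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE page_content (id INTEGER PRIMARY KEY, title TEXT, body TEXT)"
    )
    conn.executemany("INSERT INTO page_content VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def query_vulnerable(conn, ident):
    """Same shape as the posted mysql_query() call: ident is pasted into the SQL text."""
    sql = f"SELECT id, title FROM page_content WHERE id = '{ident}';"
    return conn.execute(sql).fetchall()


def probe(conn, ident):
    """Run the vulnerable query and report either the rows or the database error,
    the way full_arc.php reports mysql_error() and exits."""
    try:
        return ("rows", query_vulnerable(conn, ident))
    except sqlite3.Error as exc:
        return ("error", str(exc))


def query_escaped(conn, ident, quoted=True):
    """Dave's addslashes() idea. SQLite has no backslash escape inside literals, so
    the apostrophe is doubled instead (the SQL-standard form); either way a quote
    in the input can no longer terminate the string. With quoted=False the
    developer has dropped the quotes because id is numeric, and escaping quotes
    then protects nothing: the input is already SQL, not a string."""
    safe = ident.replace("'", "''")
    literal = f"'{safe}'" if quoted else safe
    sql = f"SELECT id, title FROM page_content WHERE id = {literal};"
    return conn.execute(sql).fetchall()


def check_ident(ident):
    """The sanity check Dave asks for: ident must be a plain decimal integer,
    nothing else. Raises ValueError otherwise."""
    if not re.fullmatch(r"[0-9]+", ident):
        raise ValueError(f"ident is not an integer: {ident!r}")
    return int(ident)


def query_safe(conn, ident):
    """Validate, then bind the value as a parameter. The driver sends it
    separately from the SQL text, so it can never be parsed as SQL."""
    ident_int = check_ident(ident)
    return conn.execute(
        "SELECT id, title FROM page_content WHERE id = ?;", (ident_int,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    payloads = [
        "1768",                      # what the page expects
        "1768'888",                  # David's probe: breaks the string, error and exit
        "1768' OR '1'='1",           # tautology: every row comes back
        "1768' UNION SELECT id, body FROM page_content WHERE id = 9001 -- ",
    ]
    for payload in payloads:
        print(repr(payload), "->", probe(db, payload))
    print("escaped, quoted:  ", query_escaped(db, "1768' OR '1'='1"))
    print("escaped, unquoted:", query_escaped(db, "1768 OR 1=1", quoted=False))
    print("checked + bound:  ", query_safe(db, "1768"))
    try:
        query_safe(db, "1768' OR '1'='1")
    except ValueError as exc:
        print("checked + bound rejects:", exc)
```

The point the two escaped calls make is that addslashes() only helps while the value sits between quotes; the moment the column is treated as a number and the quotes are dropped, the same code is open again. Checking that ident is an integer and binding it as a parameter does not depend on that.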

_______________________________________________
Phpwm mailing list
Phpwm at mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/phpwm