Old 02-15-10, 16:35
bonucci bonucci is offline
Registered User
 
Join Date: Feb 2010
Posts: 7
SQL Injection Attack

Hi guys, I have a huge problem. My website was attacked by SQL injection: the attacker, via the browser, put a quote in front to test if it was vulnerable, then started counting the columns and tables to enter the database, and then could get the admin login and password of the administrative panel.

I found the link where the attacker did it; I see the code, but I'm a little noob. If you guys could look at it, I'd appreciate it.


Hoping for some orientation.

PHP Code:
<?php
    session_start();
    // Walk up the directory tree until variaveis.php is found and return that prefix.
    function root($rot=""){
        if (file_exists($rot."variaveis.php")){
            return $rot;
        } else {
            $rot.="../";
            return root($rot); // the original dropped this return, so the recursive result was lost
            //echo"*******-".$ro."-*******";
        }
    }

    $root=root("../");

    if ($_REQUEST['fundo']!=""){
        setcookie("sitespt",$_REQUEST['fundo'],time()+(60*60*24*365)); // one-year lifetime
    }
?>

<?php
    if (($_REQUEST['fundo']=='')||(!(isset($_REQUEST['fundo'])))){
        if (isset($HTTP_COOKIE_VARS["sitespt"])){ // original tested "meusite.pt" but read "sitespt"
            $fundo=$HTTP_COOKIE_VARS["sitespt"];
        } else {
            $fundo="preto";
        }
    } else {
        $fundo=$_REQUEST['fundo'];
    }
    if((isset($_REQUEST['opc1']))&&($_REQUEST['opc1']!="")){
        switch ($_REQUEST['opc1']){
            case 'destaques':$file="destaques.php";
                        break;
            case 'comunic':$file="comunicados.php";
                        break;
            case 'sala':$file="sala.php";
                        break;
        }
    } else {
        $file="tablenoticias.php";
    }
    include_once($root."funcoes/gerais.php");
    if ($_REQUEST['distrito']!=""){
        $distrito="&distrito=".$_REQUEST['distrito'];
    }
?>
Reply With Quote
  #2 (permalink)  
Old 02-15-10, 16:37
bonucci bonucci is offline
Registered User
 
Join Date: Feb 2010
Posts: 7
Guys, I couldn't put the rest of the code because it didn't let me here. If you guys don't mind, could you come to this link:
http://www.php-pt.com/index.php?opti...4&id=3578#3578

Last edited by bonucci; 02-15-10 at 16:41.
Reply With Quote
  #3 (permalink)  
Old 02-15-10, 17:19
healdem healdem is online now
Jaded Developer
 
Join Date: Nov 2004
Location: out on a limb
Posts: 8,763
Have a look at the PHP function htmlentities and others.
__________________
I'd rather be riding my Versys or my Tiger 800 let alone the Norton
Reply With Quote
  #4 (permalink)  
Old 02-15-10, 17:20
bonucci bonucci is offline
Registered User
 
Join Date: Feb 2010
Posts: 7
I'm thinking of putting in this function:

function sanitize($data)
{
$data = trim($data);

if(get_magic_quotes_gpc())
{
$data = stripslashes($data);
}

$data = mysql_real_escape_string($data);

return $data;
}


I don't know if it's gonna work, but I'll try.
Reply With Quote
  #5 (permalink)  
Old 02-15-10, 17:22
bonucci bonucci is offline
Registered User
 
Join Date: Feb 2010
Posts: 7
Damn, it didn't work.

Still having the same problem.
Reply With Quote
  #6 (permalink)  
Old 02-15-10, 17:23
bonucci bonucci is offline
Registered User
 
Join Date: Feb 2010
Posts: 7
Well, you could give a better hint; I'm a noob at this.
Reply With Quote
  #7 (permalink)  
Old 02-15-10, 17:25
bonucci bonucci is offline
Registered User
 
Join Date: Feb 2010
Posts: 7
Could you be more specific? I would appreciate it.
Reply With Quote
  #8 (permalink)  
Old 02-15-10, 17:35
bonucci bonucci is offline
Registered User
 
Join Date: Feb 2010
Posts: 7
I arranged the code; I can't see the problem.

<?php
if (file_exists("variaveis.php")) include_once("variaveis.php");
else
if(file_exists("../variaveis.php")) include_once("../variaveis.php");
else
include_once("../../variaveis.php");
$bd=mysql_connect(HOSTNAME, USERNAME, PASSWORD)or die(mysql_error());
mysql_select_db(BASE_DE_DADOS) or die(mysql_error());

function sanitize($data)
{
// remove whitespaces (not a must though)
$data = trim($data);

// apply stripslashes if magic_quotes_gpc is enabled
if(get_magic_quotes_gpc())
{
$data = stripslashes($data);
}

// a mySQL connection is required before using this function
$data = mysql_real_escape_string($data);

return $data;
}

function devolvenoticia($id){
// $id is concatenated into the query without quotes, so sanitize() (which only
// escapes quote characters) never changes it; the same pattern repeats below.
$sql="SELECT * FROM noticias WHERE id=".$id.";";
$query=mysql_query($sql) or die (mysql_error());
$noticia=mysql_fetch_array($query);
return $noticia;
}

function utilnoti($id){
$noticia=devolvenoticia($id);
// mysql_fetch_array() returns strings, so the original is_int() was always false
if (is_numeric($noticia['utilizador'])){
$sql="SELECT * FROM acesso WHERE utilizador=".$noticia['utilizador'].";";
$query=mysql_query($sql) or die (mysql_error());
$util=mysql_fetch_array($query);
$nome=$util['Login'];
} else {
$nome=$noticia['origem'];
}
return $nome;
}

function noticias($inicio, $num, $distrito=0, $mostra=1){
$most="";
if ($mostra==1){
if ($distrito!=0){
$most=" AND conferido=1 ";
} else {
$most=" WHERE conferido=1 ";
}
} else {
$most="";
}
if ($distrito!=0){
$sql="SELECT * FROM noticias WHERE distrito=".$distrito. $most. " ORDER BY data DESC, hora DESC LIMIT ".$inicio.", ".$num.";";
} else {
$sql="SELECT * FROM noticias ".$most." ORDER BY data DESC, hora DESC LIMIT ".$inicio.", ".$num." ;";
}

$query=mysql_query($sql) or die (mysql_error());
//echo $sql;
$a=0;
while($noticia=mysql_fetch_array($query)){
$notici[$a]=$noticia;
$a++;
}
return $notici;
}

function inserenoticia($not){
$sql="INSERT INTO noticias (`data` , `titulo` , `resumo` , `mensagem` , `origem` , `utilizador` , `hora`, `urlimagem`, `tipo`, `conferido`,`validopor` ,`distrito` ) VALUES ('".$not['data']."', '".$not['titulo']."' , '".$not['resumo']."' , '".$not['mensagem']."' , '".$not['origem']."' , ".$_SESSION['user'].", '".$not['hora']."', '".$not['urlimagem']."', ".$not['tipo'].", 1,'".$_SESSION['user']."',".$not['distrito'].");";
//echo $sql;
$query=mysql_query($sql) or die (mysql_error());
//guardasql($sql,$_SESSION['user'],getdate());
}

function alteranoticia($noticia, $id){
$sql="UPDATE noticias SET data='".$noticia['data']."',`titulo` = '".$noticia['titulo']."', `resumo` ='".$noticia['topico']."', `mensagem`='".$noticia['noticia']."' ,`origem`='".$noticia['origem']."', `utilizador`='".$noticia['autor']."', `hora` = '".$noticia['hora']."', `urlimagem` = '".$noticia['urlim']."', `tipo` = '".$noticia['tipo']."', `distrito`=".$noticia['distrito']." where id=".$id.";"; // stray quote before WHERE removed
$query=mysql_query($sql) or die (mysql_error());
guardasql($sql,$_SESSION['user'],getdate());
}

function apaganoticia($id){
$sql="DELETE FROM noticias WHERE id=".$id.";";
$query=mysql_query($sql) or die (mysql_error());
guardasql($sql,$_SESSION['user'],getdate());
}

function imagemnoticia($id){
$sql="SELECT * FROM noticias WHERE id=".$id.";";
$query=mysql_query($sql) or die(mysql_error());
$not=mysql_fetch_array($query);
if ($not['urlimagem']==""){
if (($not['tipo']=="")||(!(isset($not['tipo'])))||($not['tipo']==0)){
$imagem="";
} else {
$sqltipo="SELECT * FROM tiponoticias WHERE indice=".$not['tipo'].";";
$exetipo=mysql_query($sqltipo) or die ("Erro nas bases de dados: ".mysql_error());
$ti=mysql_fetch_array($exetipo);
$imagem=$ti['urlimagem'];
}
} else {
$imagem=$not['urlimagem'];
}
/**echo "<script>alert('".$imagem."')</script>"*/;
return $imagem;
}

function comentarios($id){
$sql="SELECT * FROM comentarios WHERE noticia=".$id.";";
$query=mysql_query($sql) or die (mysql_error());
$a=0;
while($comentario=mysql_fetch_array($query)){
$comen[$a]=$comentario;
$a++;
}
return $comen;
}

function inserecomentario($comentario, $id){
$sql="INSERT INTO `comentarios` ( `id_noticia` , `comentario` , `autor` , `data` , `hora` ) VALUES ( ".$id.", '".$comentario['mensagem']."', '".$comentario['autor']."', '".$comentario['data']."', '".$comentario['hora']."' );";
$query = mysql_query($sql) or die(mysql_error());
guardasql($sql,$_SESSION['user'],getdate());
}

function resumo($texto, $caracteres){
$texto=substr($texto, 0, $caracteres);
//echo $texto;
$pos=strrpos($texto," ");
//echo "-".$pos."-";
if ($pos==0) $pos=strlen($texto);
$texto=substr($texto,0,$pos);
//echo $texto;
return $texto."...";

}

function devolvedistritos(){
$sql="SELECT * FROM distrito ORDER BY descricao;";
$query=mysql_query($sql) or die (mysql_error());
$a=0;
while($d=mysql_fetch_array($query)){
$distrito[$a]['id']=$d['id'];
$distrito[$a]['descricao']=$d['descricao'];
$a++;
}
return $distrito;
}

function devolvetipos(){
$sql="SELECT * FROM tiponoticias ORDER BY descricao;";
$query=mysql_query($sql) or die (mysql_error());
$a=0;
while($t=mysql_fetch_array($query)){
$tipo[$a]['indice']=$t['indice'];
$tipo[$a]['descricao']=$t['descricao'];
$tipo[$a]['urlimagem']=$t['urlimagem'];
$a++;
}
return $tipo;
}
?>
Reply With Quote
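The functions posted in #8 build every query by concatenating their arguments into the SQL text, and the sanitize() from #4 cannot protect a value that is used without surrounding quotes, which is why it made no difference. As an added example (not code from the thread or its author), here are hardened versions of devolvenoticia() and noticias() that validate integers and bind every value through PDO prepared statements; PDO and the variaveis.php constants HOSTNAME, USERNAME, PASSWORD and BASE_DE_DADOS are assumed:

```php
<?php
// Added example, not from the thread. The posted functions concatenate $id,
// $distrito, $inicio and $num straight into SQL, and an escaping function only
// touches quote characters, so it cannot protect a value used unquoted as in
// "WHERE id=".$id. Fix: validate integers and bind every value with prepared
// statements. PDO and the variaveis.php constants below are assumptions.

function ligaBD(): PDO
{
    $dsn = 'mysql:host=' . HOSTNAME . ';dbname=' . BASE_DE_DADOS . ';charset=utf8mb4';
    return new PDO($dsn, USERNAME, PASSWORD, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,   // real server-side prepares
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// Accept only a plain positive integer; anything else is rejected before it reaches SQL.
function idInteiro($valor): int
{
    $id = filter_var($valor, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) { throw new InvalidArgumentException('id invalido'); }
    return $id;
}

// Hardened devolvenoticia(): the id travels as a bound parameter, never as SQL text.
function devolvenoticia(PDO $bd, $id): ?array
{
    $stmt = $bd->prepare('SELECT * FROM noticias WHERE id = :id');
    $stmt->execute([':id' => idInteiro($id)]);
    $linha = $stmt->fetch();
    return $linha === false ? null : $linha;
}

// Hardened noticias(): same filters as the original, LIMIT values bound as integers.
function noticias(PDO $bd, $inicio, $num, $distrito = 0, $mostra = 1): array
{
    $sql = 'SELECT * FROM noticias WHERE 1=1';
    if ($mostra == 1) { $sql .= ' AND conferido = 1'; }
    if ($distrito != 0) { $sql .= ' AND distrito = :distrito'; }
    $sql .= ' ORDER BY data DESC, hora DESC LIMIT :inicio, :num';
    $stmt = $bd->prepare($sql);
    if ($distrito != 0) { $stmt->bindValue(':distrito', idInteiro($distrito), PDO::PARAM_INT); }
    $stmt->bindValue(':inicio', max(0, (int)$inicio), PDO::PARAM_INT);
    $stmt->bindValue(':num', max(1, (int)$num), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll();
}
```

The same pattern (validate, then bind) applies to inserenoticia(), alteranoticia() and the other functions in #8; string columns are bound with PDO::PARAM_STR and need no escaping at all.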
  #9 (permalink)  
Old 02-15-10, 20:42
healdem healdem is online now
Jaded Developer
 
Join Date: Nov 2004
Location: out on a limb
Posts: 8,763
__________________
I'd rather be riding my Versys or my Tiger 800 let alone the Norton
Reply With Quote