Results 1 to 9 of 9
  1. #1
    Join Date
    Feb 2010
    Posts
    7

    Unanswered: Sql Injection-Atack

    Hi guys, i have a huge problem, my website was attaqued, it was by sql injection, the attaquer by the browser putted a quote in front to test if it was vulnerable, than start counting the columns and tables do enter the data base than it could get the admin and password of the administrative panel.

    I found where the link that the attaquer did it, i see the code, but im a litlle noob, if you guys could look it i aprreciate


    Hope for some orientation

    PHP Code:
     <?
        session_start
    ();
        function 
    root($rot=""){
            if (
    file_exists($rot."variaveis.php")){
                return 
    $rot;
            } else {
                
    $rot.="../";
                
    root($rot);
                
    //echo"*******-".$ro."-*******";
            
    }        
        }
        
        
    $root=root("../");

        if (
    $_REQUEST['fundo']!=""){  
            
    setcookie("sitespt",$_REQUEST['fundo'],time()+(60*60*24*365)); //duração de um ano
        
    }
        
    ?>
        
        <?
            
    if (($_REQUEST['fundo']=='')||(!(isset($_REQUEST['fundo'])))){
                if (isset(
    $HTTP_COOKIE_VARS["meusite.pt"])){
                    
    $fundo=    $HTTP_COOKIE_VARS["sitespt"];
                } else {
                    
    $fundo="preto";
                }
            } else {
                
    $fundo=$_REQUEST['fundo'];
            }
            if((isset(
    $_REQUEST['opc1']))&&($_REQUEST['opc1']!="")){
                switch (
    $_REQUEST['opc1']){
                    case 
    'destaques':$file="destaques.php";
                                break;
                    case 
    'comunic':$file="comunicados.php";
                                break;
                    case 
    'sala':$file="sala.php";
                                break;
                }
            } else {
                
    $file="tablenoticias.php";
            }
            include_once(
    $root."funcoes/gerais.php");
            if (
    $_REQUEST['distrito']!=""){
                
    $distrito="&distrito=".$_REQUEST['distrito'];
            }
        
    ?>

  2. #2
    Join Date
    Feb 2010
    Posts
    7
    guys, i couldnt put the rest of the code,because here didnt let me, if you guys didnt mind could come to this link
    http://www.php-pt.com/index.php?opti...4&id=3578#3578
    Last edited by bonucci; 02-15-10 at 16:41.

  3. #3
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    have a look at the PHP functions html entities and others
    I'd rather be riding on the Tiger 800 or the Norton

  4. #4
    Join Date
    Feb 2010
    Posts
    7
    im thinking to put this function :

    function sanitize($data)
    {
    $data = trim($data);

    if(get_magic_quotes_gpc())
    {
    $data = stripslashes($data);
    }

    $data = mysql_real_escape_string($data);

    return $data;
    }


    i dont no if it gonna work, but ill try

  5. #5
    Join Date
    Feb 2010
    Posts
    7
    damn, it didnt work

    still having the same problem

  6. #6
    Join Date
    Feb 2010
    Posts
    7
    well, you could give a better hint , im a noob in this

  7. #7
    Join Date
    Feb 2010
    Posts
    7
    could you be more specificm, i would be apreciate

  8. #8
    Join Date
    Feb 2010
    Posts
    7
    i arranjed the code, i cant see the problem

    <?
    if (file_exists("variaveis.php")) include_once("variaveis.php");
    else
    if(file_exists("../variaveis.php")) include_once("../variaveis.php");
    else
    include_once("../../variaveis.php");
    $bd=mysql_connect(HOSTNAME, USERNAME, PASSWORD)or die(mysql_error());
    mysql_select_db(BASE_DE_DADOS) or die(mysql_error());

    function sanitize($data)
    {
    // remove whitespaces (not a must though)
    $data = trim($data);

    // apply stripslashes if magic_quotes_gpc is enabled
    if(get_magic_quotes_gpc())
    {
    $data = stripslashes($data);
    }

    // a mySQL connection is required before using this function
    $data = mysql_real_escape_string($data);

    return $data;
    }

    function devolvenoticia($id){
    $sql="SELECT * FROM noticias WHERE id=".$id.";";
    $query=mysql_query($sql) or die (mysql_error());
    $noticia=mysql_fetch_array($query);
    return $noticia;
    }

    function utilnoti($id){
    $noticia=devolvenoticia($id);
    if (is_int($noticia['utilizador'])){
    $sql="SELECT * FROM acesso WHERE utilizador=".$noticia['utilizador'].";";
    $query=mysql_query($sql) or die (mysql_error());
    $util=mysql_fetch_array($query);
    $nome=$util['Login'];
    } else {
    $nome=$noticia['origem'];
    }
    return $nome;
    }

    function noticias($inicio, $num, $distrito=0, $mostra=1){
    $most="";
    if ($mostra==1){
    if ($distrito!=0){
    $most=" AND conferido=1 ";
    } else {
    $most=" WHERE conferido=1 ";
    }
    } else {
    $most="";
    }
    if ($distrito!=0){
    $sql="SELECT * FROM noticias WHERE distrito=".$distrito. $most. " ORDER BY data DESC, hora DESC LIMIT ".$inicio.", ".$num.";";
    } else {
    $sql="SELECT * FROM noticias ".$most." ORDER BY data DESC, hora DESC LIMIT ".$inicio.", ".$num." ;";
    }

    $query=mysql_query($sql) or die (mysql_error());
    //echo $sql;
    $a=0;
    while($noticia=mysql_fetch_array($query)){
    $notici[$a]=$noticia;
    $a++;
    }
    return $notici;
    }

    function inserenoticia($not){
    $sql="INSERT INTO noticias (`data` , `titulo` , `resumo` , `mensagem` , `origem` , `utilizador` , `hora`, `urlimagem`, `tipo`, `conferido`,`validopor` ,`distrito` ) VALUES ('".$not['data']."', '".$not['titulo']."' , '".$not['resumo']."' , '".$not['mensagem']."' , '".$not['origem']."' , ".$_SESSION['user'].", '".$not['hora']."', '".$not['urlimagem']."', ".$not['tipo'].", 1,'".$_SESSION['user']."',".$not['distrito'].");";
    //echo $sql;
    $query=mysql_query($sql) or die (mysql_error());
    //guardasql($sql,$_SESSION['user'],getdate());
    }

    function alteranoticia($noticia, $id){
    $sql="UPDATE noticias SET data='".$noticia['data']."',`titulo` = '".$noticia['titulo']."', `resumo` ='".$noticia['topico']."', `mensagem`='".$noticia['noticia']."' ,`origem`='".$noticia['origem']."', `utilizador`='".$noticia['autor']."', `hora` = '".$noticia['hora']."', `urlimagem` = '".$noticia['urlim']."', `tipo` = '".$noticia['tipo']."', `distrito`=".$noticia['distrito']." ' where id=".$id.";";
    $query=mysql_query($sql) or die (mysql_error());
    guardasql($sql,$_SESSION['user'],getdate());
    }

    function apaganoticia($id){
    $sql="DELETE FROM noticias WHERE id=".$id.";";
    $query=mysql_query($sql) or die (mysql_error());
    guardasql($sql,$_SESSION['user'],getdate());
    }

    function imagemnoticia($id){
    $sql="SELECT * FROM noticias WHERE id=".$id.";";
    $query=mysql_query($sql) or die(mysql_error());
    $not=mysql_fetch_array($query);
    if ($not['urlimagem']==""){
    if (($not['tipo']=="")||(!(isset($not['tipo'])))||($not['tipo']==0)){
    $imagem="";
    } else {
    $sqltipo="SELECT * FROM tiponoticias WHERE indice=".$not['tipo'].";";
    $exetipo=mysql_query($sqltipo) or die ("Erro nas bases de dados: ".mysql_error());
    $ti=mysql_fetch_array($exetipo);
    $imagem=$ti['urlimagem'];
    }
    } else {
    $imagem=$not['urlimagem'];
    }
    /**echo "<script>alert('".$imagem."')</script>"*/;
    return $imagem;
    }

    function comentarios($id){
    $sql="SELECT * FROM comentarios WHERE noticia=".$id.";";
    $query=mysql_query($sql) or die (mysql_error());
    $a=0;
    while($comentario=mysql_fetch_array($query)){
    $comen[$a]=$comentario;
    $a++;
    }
    return $comen;
    }

    function inserecomentario($comentario, $id){
    $sql="INSERT INTO `comentarios` ( `id_noticia` , `comentario` , `autor` , `data` , `hora` ) VALUES ( ".$id.", '".$comentario['mensagem']."', '".$comentario['autor']."', '".$comentario['data']."', '".$comentario['hora']."' );";
    $query = mysql_query($sql) or die(mysql_error());
    guardasql($sql,$_SESSION['user'],getdate());
    }

    function resumo($texto, $caracteres){
    $texto=substr($texto, 0, $caracteres);
    //echo $texto;
    $pos=strrpos($texto," ");
    //echo "-".$pos."-";
    if ($pos==0) $pos=strlen($texto);
    $texto=substr($texto,0,$pos);
    //echo $texto;
    return $texto."...";

    }

    function devolvedistritos(){
    $sql="SELECT * FROM distrito ORDER BY descricao;";
    $query=mysql_query($sql) or die (mysql_error());
    $a=0;
    while($d=mysql_fetch_array($query)){
    $distrito[$a]['id']=$d['id'];
    $distrito[$a]['descricao']=$d['descricao'];
    $a++;
    }
    return $distrito;
    }

    function devolvetipos(){
    $sql="SELECT * FROM tiponoticias ORDER BY descricao;";
    $query=mysql_query($sql) or die (mysql_error());
    $a=0;
    while($t=mysql_fetch_array($query)){
    $tipo[$a]['indice']=$t['indice'];
    $tipo[$a]['descricao']=$t['descricao'];
    $tipo[$a]['urlimagem']=$t['urlimagem'];
    $a++;
    }
    return $tipo;
    }
    ?>

  9. #9
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    I'd rather be riding on the Tiger 800 or the Norton

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •