probs with my site

Post by hiper »

Hey, I've coded my own site with login, account creation and a forum in XHTML/PHP and some Perl to learn more about CGI scripts.....
Problem is that I've noticed that the site is vulnerable to SQL injection.... >.<
I added ' after the URL and got an error msg (that means that the site is vulnerable, right? Correct me if I am wrong :P)
Then I used "order by" 1/* 2/* 3/* and so on, then the union select bla,bla,bla.......
How can I prevent this?
And what can the attacker do with this injection?
I am not so into website dev, but I am learning every day :P
Database is MySQL

Anyways, have a nice evening

Btw b_b, why do I get logged out when I start one of my Firefox add-ons (XSS Me) and refresh the page?

Post by ayu »

You have to sanitize your input : )

There was a thread about this not long ago, you can take a look at that, has a very good example ; )

>HERE<
"The best place to hide a tree, is in a forest"
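
An added example (not part of any post in this thread, and not the site's own code): one way to handle a numeric URL parameter in PHP is to validate it and pass it to the database through a PDO prepared statement, while keeping database errors out of the page. The `posts` table, the `find_post()` helper and the sample rows are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example: table, columns and rows are constructed for illustration.
// SQLite in memory stands in for MySQL; with MySQL only the DSN changes
// (and PDO::ATTR_EMULATE_PREPARES should be set to false).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO posts (id, title) VALUES (1, 'welcome')");
$pdo->exec("INSERT INTO posts (id, title) VALUES (2, 'rules')");

// Hypothetical helper: returns the post row, or null when the id is
// invalid, unknown, or the query fails.
function find_post(PDO $pdo, $rawId): ?array
{
    // 1. Validate: the parameter must be a positive integer, nothing else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    try {
        // 2. Bind: the value is sent separately from the SQL text,
        //    so it cannot change the structure of the query.
        $stmt = $pdo->prepare('SELECT id, title FROM posts WHERE id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    } catch (PDOException $e) {
        // 3. Log the database error server-side; never echo it to the page.
        error_log('DB error: ' . $e->getMessage());
        return null;
    }
}

// Constructed inputs: a normal id, then the probes described in the first post.
foreach (['2', "2'", '2 order by 3/*'] as $input) {
    $row = find_post($pdo, $input);
    echo str_pad(var_export($input, true), 20), ' => ',
         $row ? $row['title'] : 'rejected', PHP_EOL;
}
```

Only the first input returns a row; the other two fail validation and never reach the database, so no SQL error message is produced for the visitor to see.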

Post by bad_brain »

hm, the only reason I can think of is that enabling the plugin flushes the FF cache (including the cookies)....best check if the cookies are still there after enabling it... :-k

Post by hiper »

thx cats and b_b, I solved both probs =)
