
Thread: Url Injection Protection. Take it Seriously

  #1  Gimme Fries with that!  (Join Date: Aug 2004 | Posts: 1,469)

    Url Injection Protection. Take it Seriously

    Get your attention? Hope so. I got hacked severely by the most innocent means and wanted to share the outcome with you all. Little did I realize that by not validating URL parameters VERY carefully somebody could do some serious damage, including looking up passwords, etc.

    The simple way I am now protecting my queries is with an INTVAL check.

    When you do a lookup, let's say website.com/news.php?id=1, I can ADD SQL to the end of that 1 and do all kinds of things. Example:

    website.com/news.php?id=1; Drop Table *
    website.com/news.php?id=1; INSERT USERS *

    Scary, wouldn't you say? I am now using two means to protect pages that use an ID parameter. At the very start of my code I check the id as follows now:

    !is_numeric($_GET['id'])

    If it's NOT a number, I kick them to my homepage. Why? They clearly messed with my URL and don't really want to read my news. If it's not a number, the news won't load, you get dumped.

    As a secondary and redundant measure I also cleaned my query.

    $colname_news = intval($_GET['id']);
    WHERE id = %s", $colname_news

    All I am doing here is converting the ID to a number. So if for WHATEVER reason my first check failed (don't see how it could) I convert the ID to an int before it goes into my query. That way if somebody did this:

    website.com/news.php?id=1; INSERT USERS *

    It would still only be 1. INTVAL drops the '; Insert users *'

    Hopefully this helps somebody. I am by no means done with my code improvements and am no expert. Feedback welcome.
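The following stand-alone PHP script is an added example, not code from the original poster, that reproduces the situation described in the post above with an in-memory SQLite database through PDO, so it runs from the command line without MySQL or a web server. The table and column names (news, users, username, password) and the sample rows are made up for the illustration, and the query-string value is passed in as a function argument in place of $_GET['id']. The injected payload is a UNION clause rather than the post's "; DROP TABLE" form, because a UNION rides inside the single SELECT the page already runs and needs no second statement. The vulnerable version shows the password lookup the post warns about; the hardened version applies the is_numeric() and intval() checks from the post (with %d in place of the post's %s, which is equivalent once the value is an int), and a third version additionally switches to a prepared statement.

```php
<?php
// Added example (not the original poster's code). Table, column and row
// contents below are constructed for illustration.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)");
$db->exec("INSERT INTO news VALUES (1, 'Site launched')");
$db->exec("INSERT INTO users VALUES (1, 'admin', 's3cret')");

// 1. The vulnerable pattern: the raw query-string value is pasted into the SQL text.
function vulnerableLookup(PDO $db, string $rawId): array
{
    $sql = "SELECT id, title FROM news WHERE id = " . $rawId;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 2. The post's two-step fix: reject anything non-numeric up front (the post
//    redirects to the homepage here), then cast to int so only an integer can
//    ever reach the query.
function hardenedLookup(PDO $db, $rawId): ?array
{
    if (!is_numeric($rawId)) {
        return null;
    }
    $colname_news = intval($rawId);
    $sql = sprintf("SELECT id, title FROM news WHERE id = %d", $colname_news);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 3. Same checks, but the value is bound as a parameter and is never part of
//    the SQL string at all.
function preparedLookup(PDO $db, $rawId): ?array
{
    if (!is_numeric($rawId)) {
        return null;
    }
    $stmt = $db->prepare("SELECT id, title FROM news WHERE id = :id");
    $stmt->execute([':id' => intval($rawId)]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A legitimate request and a UNION payload, as they would arrive in ?id=...
$normal  = "1";
$payload = "1 UNION SELECT username, password FROM users";

// The UNION appends the users rows to the news result: one SELECT, no stacked statement.
print_r(vulnerableLookup($db, $normal));
print_r(vulnerableLookup($db, $payload));

// is_numeric() rejects both payload shapes before any SQL is built.
var_dump(hardenedLookup($db, $payload));
var_dump(hardenedLookup($db, "1; DROP TABLE news"));

// What intval() alone does with the post's example input.
var_dump(intval("1; DROP TABLE news"));

print_r(preparedLookup($db, $normal));
```

Run it with `php news_example.php` (any PHP build with the pdo_sqlite extension). Two caveats worth knowing when reusing the check: is_numeric() also accepts values such as "1.5", "1e3" and strings with leading whitespace, so the redirect does not fire for them and intval() then converts them to an integer, which is harmless for an integer id column but not a general-purpose validator for string columns; and whether an injected suffix has any visible effect at all depends on how the script uses the parameter, so a page that looks the same after tampering has not necessarily rejected the input.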

  #2  Chris (Administrator)  (Join Date: Feb 2003 | Location: East Lansing, MI USA | Posts: 7,055)
    how did you get hacked?

    I recently got hacked too, don't know how. They inserted an iframe to some Russian site into my index.php file. Of course, that is a file system thing, not an SQL thing.
    Chris Beasley - My Guide to Building a Successful Website
    Content Sites: ABCDFGHIJKLMNOP|Forums: ABCD EF|Ecommerce: Swords Knives

  #3  Gimme Fries with that!  (Join Date: Aug 2004 | Posts: 1,469)
    Quote Originally Posted by Chris View Post
    how did you get hacked?

    I recently got hacked too, don't know how. They inserted an iframe to some Russian site into my index.php file. Of course, that is a file system thing, not an SQL thing.
    What happened to you is exactly what happened to me. SQL injection is scary easy to do. If you shoot me the link to the page (via email) I will look at it for you. I am no expert, but I certainly have learned a lot after getting jacked.

  #4  Mr. Pink (Registered)  (Join Date: Sep 2008 | Location: USA | Posts: 147)
    I'm afraid I don't understand exactly what is being talked about. Sorry, I'm just an amateur HTML web designer and some technical stuff I just don't understand.

    So, I have out.php scripts on my site and just did a test as best as I could understand what was being talked about.

    when I go to this URL...

    mysite.com/scripts/out.php?LinkID=57

    ...I get forwarded to the external site, as expected, as it should.


    When I type this in my browser...

    mysite.com/scripts/out.php?LinkID=57; INSERT USERS *

    ...the result is exactly the same, i.e. I just get forwarded to the same external site.

    Am I missing something?

  #5  Chris (Administrator)  (Join Date: Feb 2003 | Location: East Lansing, MI USA | Posts: 7,055)
    How are they going to edit a file with an SQL query?

    Anyways, I'll email you what I've got.
