Haunted Dawg Posted September 4, 2008
Yes 8 lines!!! Easy add this to header.php [code not visible without registration] Ok so if you find more sql injections just update the 3 at the top and change the array.
dementor Posted September 4, 2008
Re: 8 Lines to secure your site from known sql injections.
Could you explain how this secures the site and from what type of injections? Or there's no point in us just using it.
Haunted Dawg (Author) Posted September 4, 2008
Secures your site from known sql injections.
dementor Posted September 4, 2008
Give us an example. I don't want to add it to my game for no reason.
Haunted Dawg (Author) Posted September 4, 2008
You know the cmarket exploit? Forum exploit x2? Well, it will secure it.
Eternal Posted September 4, 2008
Well this is nice kyle, give you 10/10. What this prevents is the injections of exploiting the forums. So far I only noticed one line of code to do it but that is still testing with new types of injections. By exploiting the forums you can query the database to send you any information you want by a simple union all select from 'tablename' with a few extra features I leave out for security purposes. What this actually does is help you out by not having to go through the whole forums clearing out every get request with $_GET['ID'] = abs((int) $_GET['ID']); which I tell you is a long task. This form is quite nice though and I suggest more people use it or something similar. It isn't going to prevent all injections I know of but will slow it down :)
dementor Posted September 4, 2008
Cool, I think I got something similar to it in my game.
dementor Posted September 4, 2008
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/public_html/forums.php on line 234
I remember why I didn't use it before.
Eternal Posted September 4, 2008
That's your problem mate hahahah, as noted in here it is secure to use fetch_row and that will work well with your forums.
Haunted Dawg (Author) Posted September 4, 2008
@ the hacker07: I keep posting new ways & better ways to secure your site from known sql injections. I posted the [code not visible without registration], and not to mention by finding new sql injections using that way you will end up having let's say 15 lines. It will take longer to load. I therefore use this method from now on since it is quicker & easier.
@ dementor: It's really not my fault you don't know how to add it. Hell, why did you put it in forums? And at least the sql exploiters won't be able to get the information they required.
dementor Posted September 4, 2008
I put the info in header.php. Just my forums.php doesn't work with that info in the header.
Haunted Dawg (Author) Posted September 4, 2008
My forums do, do you have a different type of forums? :|
dementor Posted September 4, 2008
Well my game is not V2 ....... Had to code most of the forums myself :cry:
Haunted Dawg (Author) Posted September 4, 2008
Yh most probably, no wonder. Use this then: [code not visible without registration] And you say you coded most of the forums yourself, you should put the $_GET['']'s into the array.
03laceys Posted September 4, 2008
So in the current status of the lines posted, it stops common sql injections on the forums only?
Haunted Dawg (Author) Posted September 4, 2008
No, it stops cmarket.php, donator market (if you have), car market (if you have), forums, gang market (if you have).
Yuri_orlov Posted September 4, 2008
If you don't understand the mechanics of this then you probably shouldn't have a MC game cause it is going to get hacked... Basically he is creating an array to check the get variables that should be integers and make them integers if not. Problem with this general use in the header is that if you reuse variable names and pass a string in a get variable you are screwed. I prefer to check variables on a page by page basis, it's a bit more work but it avoids unintended consequences. Also you need to check variables that aren't just gets, since posts can be activated by XSS, as well as check strings. You can still inject the stock v2 forums even if you (int) check the topic id.
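The trade-off Yuri_orlov describes above, as an added example that is not code from this thread (the hidden snippets are not reproduced here): a header-style integer cast over a list of GET keys, next to a per-page check that feeds a bound query parameter. The key names, the `topics` table, the sample requests and the use of PDO with in-memory SQLite in place of the game's MySQL calls are all assumptions made so it runs stand-alone.

```php
<?php
// Added example, not code from the thread. Key names, table and requests are constructed.

// Header-style filter as described above: force the listed GET keys to integers.
function header_cast(array $get, array $intKeys): array {
    foreach ($intKeys as $k) {
        if (isset($get[$k])) {
            $get[$k] = abs((int) $get[$k]);
        }
    }
    return $get;
}

// Per-page check: the page states what it expects and rejects anything else.
function require_int(array $src, string $key): int {
    $v = filter_var($src[$key] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($v === false) {
        throw new InvalidArgumentException("invalid $key");
    }
    return $v;
}

// Lookup with a bound parameter, so the value never becomes part of the SQL text.
function topic_title(PDO $db, array $request): ?string {
    $st = $db->prepare('SELECT title FROM topics WHERE id = ?');
    $st->execute([require_int($request, 'viewtopic')]);
    $title = $st->fetchColumn();
    return $title === false ? null : $title;
}

$db = new PDO('sqlite::memory:');   // assumption: PDO + SQLite stand in for the game's MySQL
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE topics (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO topics (id, title) VALUES (7, 'Welcome')");

$listed = ['ID', 'viewtopic'];      // hypothetical key list for the header filter

// A page that reuses "ID" for a string loses its value to the global cast.
var_dump(header_cast(['ID' => 'general-chat'], $listed));
// Keys missing from the list pass through unchanged, and $_POST is never looked at.
var_dump(header_cast(['page' => 'not-a-number'], $listed));
// The cast accepts a malformed value by truncating it; the per-page check refuses it.
var_dump(header_cast(['viewtopic' => '7abc'], $listed));
var_dump(topic_title($db, ['viewtopic' => '7']));
try {
    topic_title($db, ['viewtopic' => '7abc']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The same `require_int` call works on `$_POST`, which a GET-only header filter never inspects.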
03laceys Posted September 4, 2008
I understood what it does and what it is (not 100% but enough), I was mainly posting and asking to verify for others.
Isomerizer Posted September 4, 2008
> Yh most probably, no wonder. Use this then: [code not visible without registration] And you say you coded most of the forums yourself, you should put the $_GET['']'s into the array.
I really don't see the point in this... You're just making the code more complicated than it needs to be. Your original code was better, this is just longer code and will take more time to execute... Looping isn't really required for this... Something like: [code not visible without registration] would work just as well.
Modern-Empires Posted September 13, 2008
Thanks for that, I think I did see that while I was flicking through the site but I was going too quickly to stop lol
Poldar Posted September 15, 2008
Where in the script do we put it?
Zero-Affect Posted September 15, 2008
If you can't patch forum and cmarket don't get a site... I mean why add header codes, that's being lazy. And yes, I use a header code but I always patch the files also, better safe than sorry.
dementor Posted September 16, 2008
I have header codes. But when I checked my files, seems it had patched them already :lol:
Karlos Posted September 17, 2008
I just use [code not visible without registration]
Haunted Dawg (Author) Posted September 17, 2008
> I just use [code not visible without registration]
Which was my first code for header I made lol.