Haunted Dawg, posted September 4, 2008:

Yes, 8 lines!!! Easy, add this to header.php:

[code not visible: the forum requires registration to view it]

Ok, so if you find more sql injections just update the 3 at the top and change the array.

dementor, posted September 4, 2008:
Re: 8 Lines to secure your site from known sql injections.

Could you explain how this secures the site and from what type of injections? Or there's no point in us just using it.

Haunted Dawg (Author), posted September 4, 2008:

Secures your site from known sql injections.

dementor, posted September 4, 2008:

Give us an example. I don't want to add it to my game for no reason.

Haunted Dawg (Author), posted September 4, 2008:

You know the cmarket exploit? Forum exploit x2? Well, it will secure it.

Eternal, posted September 4, 2008:

Well, this is nice Kyle, give you 10/10. What this prevents is the injections of exploiting the forums. So far I only noticed one line of code to do it, but that is still testing with new types of injections.. By exploiting the forums you can query the database to send you any information you want by a simple union all select from 'tablename' with a few extra features I leave out for security purposes.... What this actually does is help you out by not having to go through the whole forums clearing out every get request with $_GET['ID'] = abs((int) $_GET['ID']); which I tell you is a long task... This form is quite nice though and I suggest more people use it or something similar. It isn't going to prevent all injections I know of but will slow it down :)

dementor, posted September 4, 2008:

Cool, I think I got something similar to it in my game.

dementor, posted September 4, 2008:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/public_html/forums.php on line 234

I remember why I didn't use it before.

Eternal, posted September 4, 2008:

That's your problem mate hahahah. As noted in here it is secure to use fetch_row and that will work well with your forums.

Haunted Dawg (Author), posted September 4, 2008:

@ the hacker07: I keep posting new ways & better ways to secure your site from known sql injections. I posted the

[code not visible: the forum requires registration to view it]

, and not to mention by finding new sql injections using that way you will end up having let's say 15 lines. It will take longer to load. I therefore use this method from now on since it is quicker & easier.

@ dementor: It's really not my fault you don't know how to add it. Hell, why did u put it in forums? And at least the sql exploiters won't be able to get the information they required.

dementor, posted September 4, 2008:

I put the info in header.php. Just my forums.php doesn't work with that info in the header.

Haunted Dawg (Author), posted September 4, 2008:

My forums do, do you have a different type of forums? :|

dementor, posted September 4, 2008:

Well my game is not V2 ....... Had to code most of the forums myself :cry:

Haunted Dawg (Author), posted September 4, 2008:

Yh, most probably, no wonder. Use this then:

[code not visible: the forum requires registration to view it]

And you say you coded most of the forums yourself, you should put the $_GET['']'s into the array.

03laceys, posted September 4, 2008:

So in the current status of the lines posted, it stops common sql injections on the forums only?

Haunted Dawg (Author), posted September 4, 2008:

No, it stops cmarket.php, donator market (if you have), car market (if you have), forums, gang market (if you have).

Yuri_orlov, posted September 4, 2008:

If you don't understand the mechanics of this then you probably shouldn't have a MC game, cause it is going to get hacked... Basically he is creating an array to check the get variables that should be integers and make them integers if not. Problem with this general use in the header is that if you reuse variable names and pass a string in a get variable you are screwed. I prefer to check variables on a page by page basis, it's a bit more work but it avoids unintended consequences. Also you need to check variables that aren't just gets, since posts can be activated by XSS, as well as check strings. You can still inject the stock v2 forums even if you (int) check the topic id.

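The trade-off Yuri_orlov describes, using the cast Eternal quotes, as an added example that is not part of the thread and not the hidden header code: a header-wide integer cast next to a per-page check with bound parameters. The key names, the `topics` table and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example: key names, table and inputs are constructed for illustration.

// Header-wide approach from the thread: force every listed GET key to an integer.
function header_cast(array $get, array $intKeys): array {
    foreach ($intKeys as $k) {
        if (isset($get[$k])) {
            $get[$k] = abs((int) $get[$k]);
        }
    }
    return $get;
}

// Per-page approach: the page states what it expects and refuses anything else.
function require_id(array $src, string $key): int {
    $v = filter_var($src[$key] ?? null, FILTER_VALIDATE_INT,
                    ['options' => ['min_range' => 1]]);
    if ($v === false) {
        throw new InvalidArgumentException("invalid $key");
    }
    return $v;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE topics (id INTEGER PRIMARY KEY, title TEXT)");
$pdo->exec("INSERT INTO topics VALUES (1, 'Welcome'), (2, 'Bob''s rules')");

// 1. Name reuse: another page passes a username in ?ID=, and the header
//    coerces it to an integer, so that page silently loses its input.
var_dump(header_cast(['ID' => 'dementor'], ['ID', 'viewtopic']));

// 2. Per-page integer check feeding a bound parameter.
$byId = $pdo->prepare('SELECT title FROM topics WHERE id = ?');
$byId->execute([require_id(['ID' => '2'], 'ID')]);
var_dump($byId->fetchColumn());

// 3. Strings and POST fields, which the header never touches, are bound too:
//    the quote character stays data and cannot change the statement.
$post = ['title' => "Bob's rules"];
$byTitle = $pdo->prepare('SELECT id FROM topics WHERE title = ?');
$byTitle->execute([$post['title']]);
var_dump($byTitle->fetchColumn());

// 4. Malformed input is rejected rather than coerced to some other row id.
try {
    require_id(['ID' => '2abc'], 'ID');
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```
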
03laceys, posted September 4, 2008:

I understood what it does and what it is (not 100% but enough), I was mainly posting and asking to verify for others.

Isomerizer, posted September 4, 2008:

> Yh, most probably, no wonder. Use this then:
>
> [code not visible: the forum requires registration to view it]
>
> And you say you coded most of the forums yourself, you should put the $_GET['']'s into the array.

I really don't see the point in this... You're just making the code more complicated than it needs to be. Your original code was better, this is just longer code and will take more time to execute... Looping isn't really required for this... Something like:

[code not visible: the forum requires registration to view it]

Would work just as well.

Modern-Empires, posted September 13, 2008:

Thanks for that, I think I did see that while I was flicking through the site but I was going too quickly to stop lol

Poldar, posted September 15, 2008:

Where in the script do we put it?

Zero-Affect, posted September 15, 2008:

If you can't patch forum and cmarket don't get a site... I mean why add header codes, that's being lazy. And yes, I use a header code but I always patch the files also, better safe than sorry.

dementor, posted September 16, 2008:

I have header codes. But when I checked my files, seems it had patched them already :lol:

Karlos, posted September 17, 2008:

I just use

[code not visible: the forum requires registration to view it]

Haunted Dawg (Author), posted September 17, 2008:

> I just use
>
> [code not visible: the forum requires registration to view it]

Which was my first code for header I made lol.