MakeWebGames

Posted

Ok, so on my game I've got a crystal market and a DD market, but they can be exploited...

?action=buy&ID=0%20union%20all%20select%201000,999999999,999999999,-999999999

?action=buy&ID=+1%20union%20all%20select%201000,200000000,200000000,-20000

Those are the injections used, so I'm wondering how I can fix them?

Thanks.

Posted

Re: Need some help

// eregi() is gone in PHP 7+, and the original pattern had a stray quote
// inside the character class, which breaks the string literal; this is the
// same check written with preg_match().
if (preg_match('/[^0-9]/', $_GET['ID'])) {
    $h->endpage();
    exit();
}

So like this?

print "Adding a listing...

You have {$ir['crystals']} crystal(s) that you can add to the market.

The most you can ask for per crystal is \$10,000 <form action='cmarket.php?action=add' method='post'><table width=50% border=2><tr>
<td>Crystals:</td> <td><input type='text' name='amnt' value='{$ir['crystals']}' /></td></tr><tr>
<td>Price Each:</td> <td><input type='text' name='price' value='0' /></td></tr><tr>
<td colspan=2 align=center><input type='submit' value='Add To Market' /></tr></table></form>";
}
}
// Reject any ID that contains something other than a digit before it can
// reach a query (preg_match() replaces the removed eregi()).
if (preg_match('/[^0-9]/', $_GET['ID'])) {
    $h->endpage();
    exit();
}

BTW, someone is threatening to shut my game down in 20 mins...

Posted

Re: Need some help

just put this right after the

include "globals.php";

$_POST['price'] = abs((float) $_POST['price']);
$_GET['ID'] = abs((int) $_GET['ID']);

That will fix it... Also, put that on ALL markets you have that are like the crystal market.
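An added example (not code from the thread or from the game's own files) showing why the two suggestions above work together: the digit check and integer cast from the replies, plus the lookup done with a bound parameter so the ID is sent as data rather than spliced into the SQL text. It assumes the pdo_sqlite extension; the table and column names (listings: id, seller, qty, price) and the rows are constructed for the demo.

```php
<?php
// Added example, not the thread's code: the integer-cast fix combined with
// the digit check, and the lookup done with a bound parameter. Table,
// column names and rows are constructed for this demo.

// Only a string of digits is accepted; anything else becomes 0, so a
// payload such as "0 union all select ..." never reaches the SQL text.
function clean_id(string $raw): int
{
    if (!preg_match('/^[0-9]+$/', $raw)) {
        return 0;
    }
    return abs((int) $raw);
}

// The ID is bound as a parameter, so even a malformed value could only
// ever be compared against the column, never change the statement.
function find_listing(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, seller, qty, price FROM listings WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE listings (id INTEGER PRIMARY KEY, seller INTEGER, qty INTEGER, price INTEGER)');
$db->exec('INSERT INTO listings VALUES (1, 7, 50, 2500)');

// Constructed inputs: an honest buy and the two payloads quoted in the thread.
$inputs = [
    '1',
    '0 union all select 1000,999999999,999999999,-999999999',
    '+1 union all select 1000,200000000,200000000,-20000',
];
foreach ($inputs as $raw) {
    $id  = clean_id($raw);
    $row = find_listing($db, $id);
    printf("%-58s -> id=%d, %s\n", $raw, $id, $row ? "listing at {$row['price']} each" : 'no listing');
}
```

Only the first input resolves to a listing; both payloads collapse to id 0 and the prepared statement simply finds no row.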

Posted

Re: Need some help

Thanks for that :) Is there any way I can add a message, or if they try an injection they go to federal jail for 500 days for reason: "Don't try injections", or something like that?

Posted

Re: Need some help

Well, the thing is, if you put it in your market and someone tries to buy crystals that aren't there, you're going to fed someone for the wrong reason. You should come up with something other than that... And it would go in your header.php... Sorry on the lack of description, but if everyone knew the security they could beat it... not saying it's not beatable now, lol... anything is able to be uncoded.
