Reputation: 355
Hi, I'm really a beginner in the web domain and I was wondering if someone could guide me on where I should look for the blind SQL injection vulnerability in the code of the whole forum.
For example, if this is the exploit of the vulnerability: index.php?m=content&c=rss&catid=[valid catid]
Where should I look in the code for the portion which validates user form & URL input? I'm really a beginner in PHP, so how should I fix it?
Upvotes: 2
Views: 506
Reputation: 6226
Each $_GET, $_POST, $_COOKIE, (and even $_SERVER) superglobal input must be validated and not trusted.
If you use any of them in your code and the value is going to the database, use mysql_real_escape_string; if it will be displayed directly as HTML on your website (as well as if it is read back from the database), you should check for XSS, using functions like htmlentities, htmlspecialchars, strip_tags etc.
Upvotes: 0
Reputation: 67004
If you are worried about SQL Injection then you have bad design. You should be using parametrized queries with a library like ADODB or PDO. Then there is no question, you are 100% protected against SQL Injection.
For testing for blind SQL injection you can do something like:
index.php?m=content&c=rss&catid=sleep(30)
This request should take 30 seconds for the page to load. If you need a quote mark then the payload would look something like ' and sleep(30) or 1='
To patch this vulnerability you know that catid should be an int. So at the top of that page you can add this line:
$_GET['catid']=intval($_GET['catid']);
Upvotes: 1
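An added example (not code from any answer in this thread) of the two fixes the answer above describes: validate catid as an integer, then bind it through a PDO prepared statement instead of concatenating it into the query. The table name `content`, its columns, the DSN and the credentials are assumptions.

```php
<?php
// Added example: type-checking catid and binding it as a parameter.
// Assumed schema: table `content` with integer column `catid`.

// Rejects anything that is not a positive integer, e.g. "sleep(30)".
// Returns the validated integer or throws.
function validateCatid(array $get): int
{
    $catid = filter_var(
        $get['catid'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($catid === false) {
        throw new InvalidArgumentException('catid must be a positive integer');
    }
    return $catid;
}

// The value never becomes part of the SQL text; the driver sends it separately,
// so even a value that slipped past validation could not change the query.
function fetchRssItems(PDO $pdo, int $catid): array
{
    $stmt = $pdo->prepare(
        'SELECT id, title FROM content WHERE catid = :catid ORDER BY id DESC LIMIT 20'
    );
    $stmt->bindValue(':catid', $catid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input shaped like the request in the question.
$input = ['catid' => 'sleep(30)'];

try {
    $catid = validateCatid($input);          // throws for the input above
    $pdo = new PDO('mysql:host=localhost;dbname=forum', 'user', 'pass', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]);
    print_r(fetchRssItems($pdo, $catid));
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```

Note that intval() from the answer above silently turns "sleep(30)" into 0, which is safe but hides the bad request; filter_var lets the page return a 400 instead.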
Reputation: 16314
There is a lot of material around on where to read about PHP security. A few links:
Your question regarding form input: One of the first things you should look into and use is mysql_real_escape_string.
Upvotes: 0