highlevelcoder

Reputation: 355

Finding blind SQL vulnerability in PHP site code

Hi, I'm really a beginner in the web domain and I was wondering if someone could guide me on where I should look for the blind SQL injection vulnerability in the code of the whole forum. For example, if this is the exploit of the vulnerability: index.php?m=content&c=rss&catid=[valid catid], where should I look in the code for the portion which validates user form & URL input? I'm really a beginner in PHP, and how should I fix it?

Upvotes: 2

Views: 506

Answers (3)

Stellar Sword

Reputation: 6226

Each $_GET, $_POST, $_COOKIE, (and even $_SERVER) superglobal input must be validated and not trusted.

If you use any of them in your code: if it's going to the database, use mysql_real_escape_string; if it will be displayed directly as HTML on your website (as well as if it is read back from the database), you should check for XSS, using functions like htmlentities, htmlspecialchars, strip_tags etc.

Upvotes: 0
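Added example, not code from the thread or from the forum in question, showing the two halves of this answer in one request handler: validate the superglobal before it is used, and escape every value before it is written into the response. One caveat for the database half: mysql_real_escape_string belongs to the old mysql extension, which was removed in PHP 7, so the example leaves the query itself to a prepared statement (covered separately below) and concentrates on input validation and output escaping. Parameter names follow the question's URL; the category row is a constructed sample standing in for a database result.

```php
<?php
// Added example (not from the original thread or the forum's code base):
// validate a superglobal before use and escape it before it is rendered.
// Parameter names mirror the question's URL; the category row is constructed.

declare(strict_types=1);

/**
 * Return catid as an int, or null if the request did not carry a valid one.
 * FILTER_VALIDATE_INT rejects values such as "12abc" or "1 OR 1=1" outright
 * instead of silently coercing them to a number.
 */
function validated_catid(array $get): ?int
{
    $value = filter_var($get['catid'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    return $value === false ? null : $value;
}

/**
 * Escape a string for inclusion in HTML or XML text and attributes.
 * ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces malformed
 * UTF-8 instead of returning an empty string, which would hide the value.
 */
function out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$catid = validated_catid($_GET);
if ($catid === null) {
    http_response_code(400);
    exit('Invalid catid');
}

// Constructed sample row standing in for what the database would return.
// A value read back from the database is still untrusted for output purposes.
$category = ['id' => $catid, 'name' => 'News <script>alert(1)</script>'];

header('Content-Type: application/rss+xml; charset=UTF-8');
echo '<?xml version="1.0" encoding="UTF-8"?>', "\n";
echo '<rss version="2.0"><channel>', "\n";
echo '  <title>', out($category['name']), '</title>', "\n";
echo '  <link>', out('index.php?m=content&c=rss&catid=' . $catid), '</link>', "\n";
echo '</channel></rss>', "\n";
```

With the constructed row above, the feed title is emitted as `News &lt;script&gt;alert(1)&lt;/script&gt;`, so the markup reaches the client as text rather than as an element, and a request whose catid is not a positive integer never reaches the output stage at all.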

rook

Reputation: 67004

If you are worried about SQL Injection then you have bad design. You should be using parametrized queries with a library like ADODB or PDO. Then there is no question, you are 100% protected against SQL Injection.

For testing for blind SQL you can do something like: index.php?m=content&c=rss&catid=sleep(30).

This request should take 30 seconds for the page to load. If you need a quote mark then the payload would look something like ' and sleep(30) or 1='.

To patch this vulnerability you know that catid should be an int. So at the top of that page you can add this line: $_GET['catid']=intval($_GET['catid']);

Upvotes: 1
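Added example, not code from the thread or from the forum being asked about, showing the query the question describes written the unsafe way and then as a PDO prepared statement, with the intval cast from this answer applied once at the top of the script. The table and column names, the DSN and the credentials are assumptions.

```php
<?php
// Added example (not from the original thread or the forum's code base):
// the category lookup behind an RSS page, unsafe and then parameterized.
// Table name, column names, DSN and credentials are assumptions.

declare(strict_types=1);

// BEFORE: catid is pasted into the SQL text, so whatever arrives in the URL
// becomes part of the statement. Kept only to show what the fix replaces.
function rss_items_unsafe(PDO $db, string $catid): array
{
    $sql = "SELECT id, title, url FROM content WHERE catid = $catid ORDER BY id DESC LIMIT 20";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// AFTER: the query text is fixed; the value travels separately as a typed
// parameter, so it can only be compared against catid, never parsed as SQL.
function rss_items(PDO $db, int $catid): array
{
    $stmt = $db->prepare(
        'SELECT id, title, url FROM content WHERE catid = :catid ORDER BY id DESC LIMIT 20'
    );
    $stmt->bindValue(':catid', $catid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Server-side prepares and exceptions on error, so a malformed statement
// fails loudly instead of quietly returning false.
$db = new PDO('mysql:host=localhost;dbname=forum;charset=utf8mb4', 'user', 'pass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

// The cast from the answer above, done once at the top of the page: anything
// that is not a number becomes 0, which matches no category.
$catid = intval($_GET['catid'] ?? 0);
if ($catid <= 0) {
    http_response_code(404);
    exit;
}

foreach (rss_items($db, $catid) as $row) {
    // Escape on the way out as well; the database is not a trusted source.
    echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

The intval line alone closes the hole in this one page, but only because catid happens to be numeric; the prepared statement is what makes the page safe regardless of the parameter's type, which is why the answer recommends it as the general fix.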

Bjoern

Reputation: 16314

There is a lot of material around where to read about PHP security. A few links:

Your question regarding form input: One of the first things you should look into and use is mysql_real_escape_string.

Upvotes: 0
