Hmm... Interesting concept. I admit I had given it an ever so brief thought, but I barely know how to get it working, let alone how one might break it...

So, I've been googling pages, but most seemed tailored to MS backends or otherwise. Or at least I'm guessing that's why they're getting errors. I've tried the few things I can find, and I don't get any error messages (other than an "invalid username/password" on the login page). And I can't think of a way that I could enter or kill any data yet...

Does anyone know of a good straightforward page of "try this, then this" for testing for a SQL injection flaw? Preferably one that deals with an OpenBSD/MySQL, PHP backend? Supposedly I have "magicquotes" (or should have), but I would just as soon get some sort of idea as to just how much at risk I am...

Thanks!
Levi

On 6/15/06, Rick Funderburg <[EMAIL PROTECTED]> wrote:
Levi Smith wrote:
> You'll have to excuse my lack of knowledge, I've had no training and I've
> only managed to scrounge enough off the net to get the functions done. I'm
> only now starting to go through some of my code and databases and try to
> apply some after-the-fact knowledge to clean things up a bit. So...
> Can you help me out with what exactly "Also be aware that putting things
> directly from the request parameter into a sql string is a sql injection
> flaw." means?
>
> From the sound of it are you telling me that by asking for multiple
> qualifications in the select statement I'm running what is technically an
> "error", but works? Or something else entirely?

SQL Injection is a security vulnerability where users can send in SQL to your program in place of a normal parameter, which then gets executed. So if you had a link that looked like:

http://example.com/showItem.php?cat=widgets

I could send in SQL in place of widgets and have it be part of your SQL that you send to the database. It is likely that I could get at any information in your database (such as usernames and passwords) or even insert or delete records.

The solution to this is generally to make sure that special characters (like the single quote) are properly escaped. I'm sure PHP has built-in functions to help with this, but I'm not sure what they are because I am not a PHP dev (mostly Java & some .Net).

Use Google to find more information. SQL Injection is the most widely known security vulnerability for web developers, so there is a lot of info about it available. If there is ever a place in your code (regardless of language) where you are building up a SQL command out of strings, you have to be careful to avoid introducing a SQL Injection flaw.

--
Rick

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
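
The string-built query Rick describes, next to a parameterized version, as an added example that is not code from the thread. The `items` table, the function names and the sample `cat` values are hypothetical, and PDO with in-memory SQLite stands in for the MySQL backend so the script runs offline.

```php
<?php
// Added example, not code from the thread. Table, column and function
// names are hypothetical; in-memory SQLite stands in for MySQL so the
// script runs offline (requires the pdo_sqlite extension).

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE items (name TEXT, cat TEXT)");
$db->exec("INSERT INTO items VALUES ('sprocket', 'widgets'),
           ('flange', 'gadgets'), ('internal-only', 'hidden')");

// Flawed: the request parameter is pasted into the SQL string, so a single
// quote in $cat ends the string literal and the rest is parsed as SQL.
function itemsByCatConcatenated(PDO $db, string $cat): array
{
    $sql = "SELECT name FROM items WHERE cat = '" . $cat . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Fixed: the SQL text is constant and the value is passed separately as a
// bound parameter, so the database always treats it as data.
function itemsByCatPrepared(PDO $db, string $cat): array
{
    $stmt = $db->prepare("SELECT name FROM items WHERE cat = ?");
    $stmt->execute([$cat]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs standing in for the ?cat= value of showItem.php:
// a normal value, one that rewrites the WHERE clause, and a harmless
// value that merely contains an apostrophe.
$inputs = ['widgets', "widgets' OR 'x'='x", "O'Brien"];

foreach ($inputs as $cat) {
    try {
        $concat = implode(',', itemsByCatConcatenated($db, $cat));
    } catch (PDOException $e) {
        $concat = 'SQL error'; // the unbalanced quote broke the statement
    }
    $prepared = implode(',', itemsByCatPrepared($db, $cat));
    printf("%-20s concatenated=[%s] prepared=[%s]\n", $cat, $concat, $prepared);
}
```

Running the same three inputs against your own query functions is a quick regression check: the prepared version should return only rows whose category equals the input exactly, and an apostrophe should never cause a database error.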
