Hi:
We are looking to fill a Web Developer position here at Columbia University
Medical Center.
The job would be ideal for someone who enjoys creating/maintaining multiple
websites and has experience creating templates with CMS (Drupal ideal) and
creating pages with HTML and CSS. Basic knowledge
Hello,
One way to enforce this is to do (example):
$validMode = array('last' => 'last', 'first' => 'first', 'all' => 'all');
if (!isset($validMode[$_GET['mode']])) { /* bad input */ }
else
    $sqlWhere = $validMode[$_GET['mode']]; // only a value from the list is used
Which is essentially enforcing a white list.
There's a ton of
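An added example (not part of the original thread) of the allow-list check discussed above, extended to handle a missing parameter and an array-valued `Mode`, and run against the two request values quoted in this thread. The function name, the SQL fragments, the `members` table and the `joined` column are assumptions made for illustration.

```php
<?php
// Added example: allow-list lookup for the Mode query parameter.
// The SQL fragments, table `members` and column `joined` are constructed.

const MODE_SQL = [
    'last'  => 'ORDER BY joined DESC',
    'first' => 'ORDER BY joined ASC',
    'all'   => '',
];

/**
 * Return the fixed SQL fragment for a request's Mode value, or null when the
 * value is missing, not a string, or not on the allow-list.
 */
function modeToSql(array $query): ?string
{
    $mode = $query['Mode'] ?? null;
    // ?Mode[]=x arrives as an array; using an array as a key raises an error.
    if (!is_string($mode)) {
        return null;
    }
    // Exact, case-sensitive match; the request value never enters the SQL text.
    return array_key_exists($mode, MODE_SQL) ? MODE_SQL[$mode] : null;
}

// Constructed sample requests, including the two values quoted in this thread.
$samples = [
    ['Mode' => 'last', 'Sex' => 'all'],
    ['Mode' => 'http://badguyurl.ru/index.html?'],
    ['Mode' => 'last" OR 1=1'],
    ['Mode' => ['last']],
    ['Sex' => 'all'],
];

foreach ($samples as $query) {
    $sql = modeToSql($query);
    if ($sql === null) {
        // Reject and log; json_encode keeps control characters out of the log line.
        error_log('rejected Mode: ' . json_encode($query['Mode'] ?? null));
        echo "400 bad input\n";
        continue;
    }
    echo "OK  SELECT ... FROM members $sql\n";
}
```

Only the first sample is accepted; the other four are rejected before any query text is built.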
Hello Brent,
> What if someone submitted:
> Mode=last" OR 1=1
Thanks for the input, I get the same database error submitting your
suggestion that I got when I submitted the hack, btw.
--
Best regards,
mikesz mailto:[EMAIL PROTECTED]
___
> Always, always, always sanitize input from the user. These hackers will
> screen scrape web pages to get interesting looking links/forms and then send
> them directly to your script trying to break it.
>
As Ken said, always sanitize. Your input should assume that the data
came from a source you
At 07:26 AM 8/12/2008, [EMAIL PROTECTED] wrote:
Hello David,
> So what exactly does the parameter Mode do? Isn't this line showing that a
> parameter with value got passed to a script with GET? In that case, which
> input validation / processing do your scripts have?
> David
> _
Indeed, it was a G
"So what exactly does the parameter Mode do? "
Normally, Mode= takes query parameters like "latest" or "featured"
member for sorting to select the correct display values. One of the
"correct" script generated calls is "index.php?Mode=last&Sex=all"
which tells the script to do a select for the late
[EMAIL PROTECTED] wrote:
Hello NYPHP,
I found the following attempted hack in the access log on one of my sites:
"GET /index.php?Mode=http://badguyurl.ru/index.html?";
In this case, the hacker didn't gain access to the site because a
database script failed instead.
I would like to be more pro
mod_Security - http://www.modsecurity.org/
Allows you to detect and log hack attempts at the server level
Note: its default ruleset can be very aggressive against some CMS
applications, leading to adding exceptions to the ruleset for normal
functionality (or more accurately, it leads to people p