OK, today I'm going to be talking about some security issues when programming your PHP/MySQL website.

This information will show you why it is very important to create your MySQL tables and table rows carefully, because it could save your website from being hacked.

So let's get started...

In GBK (a character encoding), the byte sequence 0xbf27 is considered an invalid multi-byte character, BUT 0xbf5c is a valid multi-byte character...

0xbf27 is 0xbf (¿) followed by 0x27 (') AND
0xbf5c is 0xbf (¿) followed by 0x5c (\)

So if you are using addslashes() then it is possible to inject a single quote character into your MySQL queries.

If I inject the bytes 0xbf27 (¿'), the addslashes() function inserts a backslash before the quote, so the input becomes 0xbf5c27 (¿\'). In GBK, 0xbf5c is a VALID multi-byte character, so the backslash is swallowed into that character and the single quote after it is left unescaped. This means the input successfully bypasses addslashes() and allows me to perform SQL attacks through cURL POST requests...


To test this security issue yourself and see if you are vulnerable, you can set up a PHP script on your server, create a simple MySQL SELECT query, and use the PHP function chr() to build the input. Here's a small example.

PHP Code:
<?php
// Do connection here

// addslashes() turns 0xbf27 into 0xbf5c27, where 0xbf5c is a valid multi-byte character
$_POST['admin_user'] = chr(0xbf) . chr(0x27) . ' OR username = username /*';
$_POST['admin_pass'] = 'what ever';

// Deliberately vulnerable query: addslashes() does not know the connection charset
$sql = "SELECT *
        FROM   users
        WHERE  username = '" . addslashes($_POST['admin_user']) . "'
        AND    password = '" . addslashes($_POST['admin_pass']) . "'";

$result = mysql_query($sql);
/*
    Login would usually be here to test for authentication
*/
?>

OK, so I hope you have understood that it is not good to use addslashes(), and I would recommend using mysql_real_escape_string() if available on your PHP version.

And if you haven't understood what I've been speaking about, then just don't use addslashes lol

peace all
litewarez
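
The byte-level effect described in the post above, as an added example that is not part of the original post. It models addslashes() in Python as a charset-unaware byte filter (php_addslashes, unescaped_quotes and valid_in are illustrative helper names, and the benign sample is constructed), then counts the quotes a GBK reader still sees as unescaped.

```python
# Added example: byte-level model of the addslashes()/GBK mismatch.
# php_addslashes, unescaped_quotes and valid_in are illustrative helpers,
# not PHP or MySQL APIs. Sample inputs are constructed.

PAYLOAD = b"\xbf\x27 OR username = username /*"   # the post's test input
BENIGN = b"O'Reilly"                              # constructed sample


def php_addslashes(raw: bytes) -> bytes:
    """Model of addslashes(): works on single bytes, ignores the charset."""
    out = bytearray()
    for b in raw:
        if b == 0x00:
            out += b"\\0"
        elif b in (0x27, 0x22, 0x5C):      # ' " \
            out += bytes([0x5C, b])
        else:
            out.append(b)
    return bytes(out)


def unescaped_quotes(escaped: bytes, charset: str) -> int:
    """Count single quotes a reader using `charset` sees with no escape."""
    text = escaped.decode(charset, errors="replace")
    count, i = 0, 0
    while i < len(text):
        if text[i] == "\\":                # backslash consumes the next char
            i += 2
            continue
        count += text[i] == "'"
        i += 1
    return count


def valid_in(raw: bytes, charset: str) -> bool:
    """Input check: is `raw` well-formed in the connection charset?"""
    try:
        raw.decode(charset)
        return True
    except UnicodeDecodeError:
        return False


if __name__ == "__main__":
    for name, data in (("payload", PAYLOAD), ("benign", BENIGN)):
        esc = php_addslashes(data)
        print(name, esc, "latin-1:", unescaped_quotes(esc, "latin-1"),
              "gbk:", unescaped_quotes(esc, "gbk"), "valid:", valid_in(data, "gbk"))
```

The benign input stays fully escaped under both charsets, while the post's input leaves one live quote only when the bytes are read as GBK. Rejecting input that is not well-formed in the connection charset, as valid_in does, catches the 0xbf27 sequence before any escaping happens.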