SQL injections

06/28/2016 09:30 LoLBoL#1
Hello,

I recently got my server up but there already has been a huge wave of SQL injections. Now before I'm gonna wipe my db for the 3rd time now, I was wondering if there's any way to stop people from injecting.

I'm currently running with these:
xArva's launcher
NanFS
IIS7.5 w/ PHP7

Thanks in advance,
LoLBoL


06/28/2016 09:34 FlyffServices#2
Which scripts are you using?

You should first fix the SQL injection itself before you do anything.
06/28/2016 10:45 LoLBoL#3
The 2012 php register page (was told this could cause it) and a login.php with external config. I was thinking about making an sql user with access only to account & token table but I'm not sure that will work.

06/28/2016 11:17 Venipa#4
Use PDO prepared statements
06/28/2016 11:21 tschulian#5
Show me the website.
And I will tell you possible security issues.

If you are already using PDO, prepared statements are easy to embed.
If not, there are easy functions stored in classes to check every user's input.
I can provide you samples of mine.
I am using outdated mssql_ functions which are secured by my self-made security classes and never had issues with injects.

aaaaaand now most of those cool pro coders with bellies here are going to blame me now "menz noob why r u sing mssql_ instead of pdo blabla".
06/28/2016 17:55 EpicFight#6
Quote:
Originally Posted by LoLBoL
The 2012 php register page (was told this could cause it) and a login.php with external config. I was thinking about making an sql user with access only to account & token table but I'm not sure that will work.

Register 2012 .... has no right escape string...by the way the Register is shit :D


From 2012, right?
PHP Code:
<?php
ob_start('ob_gzhandler');

session_start();

include_once "config.php";

echo "<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'>
<html>
<head>
<title>".$title."</title>
<meta http-equiv='Content-Type' content='text/html; charset=iso-8859-1'>
<link href='css/style.css' rel='stylesheet' type='text/css'>
<script language='JavaScript' type='text/JavaScript'>
<!-- 
function disabledBttn(formname)
{
    if (document.all || document.getElementById) {
        for (i=0;i<formname.length;i++) {
            var bttn=formname.elements[i];
            if(bttn.type.toLowerCase()=='submit' || bttn.type.toLowerCase()=='reset' || bttn.type.toLowerCase()=='button')
                bttn.disabled=true;
        }
    }
}
//-->
</script>
</head>

<body leftmargin='0' topmargin='10' marginwidth='0' marginheight='0'>
<table width='100%' height='100%' border='0' align='center' cellpadding='0' cellspacing='0'>
  <tr>
    <td>
      <table width='430' border='0' align='center' cellpadding='0' cellspacing='0'>
        <tr>
          <td><img src='imgs/fiesta_logo.png' alt='top' width='300' height='168'></td>
        </tr>
        <tr>
          <td style='font-size:5px'>&nbsp;</td>
        </tr>
        <tr>
          <td align='center' bgcolor='white' style='border-bottom: solid 1px #cecece; border-top: solid 1px #cecece; border-left: solid 1px #cecece; border-right: solid 1px #cecece' class='padding_all'>


          </td>
        </tr>
      </table>

      <br>

      <table width='350' border='0' align='center' cellpadding='0' cellspacing='0'>
        <tr>
          <td align='center' bgcolor='white' style='border-bottom: solid 1px #cecece; border-top: solid 1px #cecece; border-left: solid 1px #cecece; border-right: solid 1px #cecece' class='padding_all'>";

    if ($_POST['action'] != "signup")
    {

        echo "<form method='post' onSubmit='disabledBttn(this)' action=".$_SERVER['PHP_SELF']."?id=reg".$_SERVER['QUERY_STRING'].">
            <table width='100%' border='0' align='center' cellpadding='2' cellspacing='2'>
              <tr>
                <td colspan='2'><img src='imgs/signup.gif' alt='signup' width='162' height='9'></td>
              </tr>
              <tr>
                <td width='10%'>Username</td><td><input type='text' name='username' size='20' maxlength='10'></td>
              </tr>
        <tr>
                <td width='10%'>E-Mail</td><td><input type='text' name='email' size='20' maxlength='25'></td>
              </tr>
              <tr>
                <td>Password</td><td><input type='password' name='password' size='20' maxlength='15'></td>
              </tr>
              <tr>
                <td colspan='2' align='right'><input type='submit' value='register' class='button'> <input type='reset' value='clear' class='button'></td>
              </tr>
            </table>
            <input type='hidden' name='action' value='signup'>
            </form>";

    }
    else
    {
        $required = array(
            "Username" => $_POST['username'],
            "E-Mail"   => $_POST['email'],
            "Password" => $_POST['password'],
        );

        // Report every empty field and count the ones that were filled in.
        $chkArr = array();
        foreach ($required as $key => $value)
        {
            if (!$value)
                echo "<b>$key</b> is required<br>";
            else
                $chkArr[] = true;
        }

        // Random 5-digit string used for nEMID.
        function rand_string() {
            $chars = "123456789";
            $str = "";

            $size = strlen($chars);
            for ($i = 0; $i < 5; $i++) {
                $str .= $chars[rand(0, $size - 1)];
            }

            return $str;
        }

        if (count($chkArr) == count($required))
        {
            $connection = odbc_connect($connection_string, $user, $pass);

            // is_valid_string() returns true when a bad character is found.
            // Only username and password are checked here; email is not.
            if (!$func->is_valid_string($_POST['username']) && !$func->is_valid_string($_POST['password']))
            {
                $usernameP = $_POST['username'];
                $query = "SELECT * FROM [OdinAccounts].[dbo].[tAccounts] WHERE [sUsername]='$usernameP'";
                $q = odbc_exec($connection, $query);

                $qt = odbc_do($connection, $query);
                $i = 0;
                while (odbc_fetch_row($qt)) $i++;

                if ($i > 0)
                    echo "<b>$_POST[username]</b>, is already taken!";
                else
                {
                    // Request values are interpolated directly into the SQL text.
                    $query = "INSERT INTO [OdinAccounts].[dbo].[tAccounts] ([nEMID],[sUsername],[sUserPass],[sUserPassSalt],[sEmail],[nAuthID],[sIP]) VALUES('".rand_string()."','$_POST[username]','$_POST[password]','$_POST[password]','$_POST[email]','3','127.0.0.1')";
                    $q = odbc_exec($connection, $query);
                    if ($q)
                        echo "Username, <b>$_POST[username]</b> has been registered!";
                }
            }
            else
                echo "Please re-enter username and password, remove all special characters!";

        }
        echo "<br><br><a href='".$_SERVER['PHP_SELF']."?id=back'>Return</a>";
    }
echo "  </td>
        </tr>
        <tr>
        <td bgcolor='#7f7f7f'><font color='#FFFFFF'>".$copy."</font></td>
        </tr>
      </table>
    </td>
  </tr>
</table>
</body>
</html>";

    exit;

ob_end_flush();
?>
PHP Code:
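    // Despite its name, returns true when $string is empty or contains
    // one of the listed characters, and false otherwise.
    function is_valid_string($string) {

        $cfgBadChars = '`~!@#$%^&*()+-_=[]{};\'\\:"|,/<>? ';

        if (empty($string))
            return true;

        for ($i = 0; $i < strlen($cfgBadChars); $i++):
            if (strstr($string, $cfgBadChars[$i]))
                return true;
        endfor;

        return false;
    }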
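The register queries from the post above, rebuilt with PDO prepared statements as suggested earlier in the thread. This is an added example, not code from the thread: it assumes an in-memory SQLite table standing in for the MSSQL tAccounts table, and register_account() and its length limits (taken from the form's maxlength values) are hypothetical.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for the
// MSSQL account database (assumption) so the script runs offline.
function register_account(PDO $db, string $username, string $email, string $password): string
{
    // Shape checks are input hygiene; the injection defence is the binding below.
    if (!preg_match('/^[A-Za-z0-9]{1,10}$/', $username)) {
        return 'invalid username';
    }
    if (strlen($email) > 25 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid e-mail';
    }

    // Placeholders keep user data out of the SQL text entirely.
    $check = $db->prepare('SELECT COUNT(*) FROM tAccounts WHERE sUsername = ?');
    $check->execute([$username]);
    if ((int) $check->fetchColumn() > 0) {
        return 'taken';
    }

    // Column values mirror the posted script; only the query construction changes.
    $insert = $db->prepare(
        'INSERT INTO tAccounts (nEMID, sUsername, sUserPass, sUserPassSalt, sEmail, nAuthID, sIP)
         VALUES (?, ?, ?, ?, ?, ?, ?)'
    );
    $insert->execute([random_int(11111, 99999), $username, $password, $password, $email, 3, '127.0.0.1']);
    return 'registered';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tAccounts (nEMID INTEGER, sUsername TEXT, sUserPass TEXT,
           sUserPassSalt TEXT, sEmail TEXT, nAuthID INTEGER, sIP TEXT)');

// Constructed inputs: a password containing SQL syntax, then a duplicate name,
// then a username with a quote in it.
$tricky = "pw'); DROP TABLE tAccounts;--";
echo register_account($db, 'alice', 'alice@example.com', $tricky), "\n";
echo register_account($db, 'alice', 'alice@example.com', 'other'), "\n";
echo register_account($db, "bob'--", 'bob@example.com', 'pw'), "\n";

// The table still exists and the password was stored byte for byte as data.
$stored = $db->query('SELECT sUserPass FROM tAccounts')->fetchColumn();
echo $stored === $tricky ? "stored literally\n" : "mismatch\n";
```

Against the real database the DSN and the fully qualified table name change; the prepare/execute calls stay the same.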
07/02/2016 01:55 Mathias1000#7
Use mysql_real_escape_string() for all critical inputs.... so on php.net...