[Release]Website

Sentence' · 04/04/2012, 21:02

projekt abgebrochen

Wizatek · 04/04/2012, 21:39

loggedin.php (mysql injection possible)

Code:

$username =  $_POST["username"];
$passwort = ($_POST["passwort"]);
 
 
$abfrage = "SELECT user_id, passwd FROM bg_user WHERE user_id LIKE '$username' LIMIT 1";

register.php (mysql injection possible)

Code:

$username = $_POST["username"];
$passwort = $_POST["passwort"];
$passwort2 = $_POST["passwort2"];
$user_code = $_POST ["user_code"];
$email = $_POST ["email"];

if($passwort != $passwort2 OR $username == "" OR $passwort == "" OR $user_code == "" OR $email == "" OR $passwort == $email OR $passwort == $user_code OR $passwort == $username)
    {
    echo "Insert error. Please correct it and try again. ";
    exit;
    }
$passwort = ($passwort);
$result = mysql_query("SELECT user_id FROM bg_user WHERE user_id LIKE '$username'");
$result1 = mysql_query("SELECT user_code FROM bg_user WHERE user_code LIKE '$user_code'");
$result2 = mysql_query("SELECT email FROM bg_user WHERE email LIKE '$email'");

admin_loggin.php (mysql injection possible)

Code:

$username = $_POST["username"];
$admin = $_POST["admin"];
$passwort = ($_POST["password"]);


$abfrage = "SELECT user_id, passwd FROM bg_user WHERE user_id LIKE '$username' LIMIT 1";

multiple files : Session hijacking possible. (anyone can login)

Code:

<?php
if(!isset($_SESSION["username"]))
   {
   echo "Please <a href=\"admin_login.php\">Login</a>";
   exit;
   }
?>

changepw.php ( mysql injection possible )

Code:

$user_code = $_POST ["user_code"];
$passwort = $_POST["passwort"];
$newpasswort = $_POST["newpasswort"];

if($passwort == $newpasswort OR $user_code == $newpasswort OR $user_code == "" OR $newpasswort == "" OR $passwort == "")

    {
    echo "Do not use your User Code/old password as new password! Check the fields for completeness!";
    exit;
    }
	
	else
	{
	$eintrag = "UPDATE bg_user SET passwd = ('$newpasswort') WHERE passwd = ('$passwort')";
    $eintragen = mysql_query($eintrag);

donation.php (mysql injection possible)

Code:

$user_code = $_POST["user_code"];
$psc_code = $_POST["psc_code"];
$value = $_POST["value"];

if($user_code == "" OR $psc_code == "" OR $value == "")
    {
    echo "Please fill out all fields";
    exit;
    }

$result = mysql_query("SELECT psc_code FROM t_donation WHERE psc_code LIKE '$psc_code'");
$menge = mysql_num_rows($result);

if($menge == 0)
    {
    $eintrag = "INSERT INTO t_donation (user_code, psc_code, value) VALUES ('$user_code', '$psc_code', '$value')";
    $eintragen = mysql_query($eintrag);

Are u serious with this, or just trying to get people hacked?

Anyone can make a session by himself with some addons on the browser.
Its not really safe to just check if a session exists.
Lets say i make a session named username then im already logged in.
Always confirm the data in the session with the data in the database.
I could make a session with a username, but for example i couldn't make one with the password of that username since i don't know it.

~~dOofkopf!™~~ · 04/04/2012, 21:44

Wiza Pro^^

Nifelvind · 04/04/2012, 21:51

Quote:

Originally Posted by wizatek

[COLOR="Red"

Anyone can make a session by himself with some addons on the browser.
Its not really safe to just check if a session exists.
Lets say i make a session named username then im already logged in.
Always confirm the data in the session with the data in the database.
I could make a session with a username, but for example i couldn't make one with the password of that username since i don't know it.

He said he does not want to continue working on the page...so i guess it's no final version which is ready to be put online.

~~Drakkon132~~ · 04/04/2012, 21:52

why do you dont use "mysql_escape_string(variable)" its verry easy ? or check about /'" ... and splitt the variable at the point of /'"...

sry bad english

~~=Warmonger=~~ · 04/04/2012, 21:53

Quote:

Originally Posted by Testosteron™

Wiza Pro^^

Its common sense, none of his inputs are sanitized. Which means your just asking to be hacked. You might as well put "This Site Hackable!" on the main page of the website.

Wizatek · 04/04/2012, 21:55

Quote:

Originally Posted by Drakkon132

why do you dont use "mysql_escape_string(variable)" its verry easy ? or check about /'" ... and splitt the variable at the point of /'"...

sry bad english

mysql_escape_string is also unsafe, u need atleas mysql_real_escape_string
But even that seems to be not completely safe.

PDO is the best option

~~Drakkon132~~ · 04/04/2012, 21:56

Quote:

Originally Posted by wizatek

mysql_escape_string is also unsafe, u need atleas mysql_real_escape_string
But even that seems to be not completely safe.

PDO is the best option

yes but bether than nothing.

Sentence' · 04/04/2012, 22:11

Quote:

Originally Posted by wizatek

Spoiler

I know this.. and I've said this ^^ not my problem if someone got hacked

Wizatek · 04/04/2012, 22:15

So u know this, and u still release it like that with the intention to hack the people who use it ?

Reported

~~=Warmonger=~~ · 04/04/2012, 22:16

Quote:

Originally Posted by Drakkon132

why do you dont use "mysql_escape_string(variable)" its verry easy ? or check about /'" ... and splitt the variable at the point of /'"...

sry bad english

Striping slashes doesn't sanitize data, it removes slashes which is in effect de-sanitizing the data.

Quote:

Originally Posted by wizatek

mysql_escape_string is also unsafe, u need atleas mysql_real_escape_string
But even that seems to be not completely safe.

PDO is the best option

You could just pass the query through a written function to escape all the nonsense characters out of it, and it would still be perfectly secure. Tho it is better to use PDO or MySQLi Prepare.

Sentence' · 04/04/2012, 22:16

Quote:

Originally Posted by wizatek

So u know this, and u still release it like that with the intention to hack the people who use it ?

Reported

Not rly... READ, THINK, POST!!!

Yannikin · 04/04/2012, 22:25

I dont see the the problem, he wrote that the homepage is hackable. Maybe someone can do something with it, dont care.

Nev. · 04/04/2012, 22:45

Quote:

Originally Posted by Yannikin

I dont see the the problem, he wrote that the homepage is hackable. Maybe someone can do something with it, dont care.

Er hat Bewusst eine Homepage released die absolut Unsicher ist und JEDER, der nur halbwegs kentniss mit der Materie hat Sie einfach Hacken kann. Wo ist der Sinn eine Halbfertige HP mit Sicherheitslücken zu Releasen ? Ohne Wizatek's Post würden viele im nachhinein rumheulen "Ich wurde gehackt" etc.

Wäre ja Lustig wenn jeder hier sein halbfertiges werk, was zudem noch Sicherheits mängel aufweißt Releasen würde. Btw das Rote wurde im nachhinein editiert.

Sentence' · 04/04/2012, 22:48

Quote:

Originally Posted by Nev.

Er hat Bewusst eine Homepage released die absolut Unsicher ist und JEDER, der nur halbwegs kentniss mit der Materie hat Sie einfach Hacken kann. Wo ist der Sinn eine Halbfertige HP mit Sicherheitslücken zu Releasen ? Ohne Wizatek's Post würden viele im nachhinein rumheulen "Ich wurde gehackt" etc.

Wäre ja Lustig wenn jeder hier sein halbfertiges werk, was zudem noch Sicherheits mängel aufweißt Releasen würde. Btw das Rote wurde im nachhinein editiert.

JETZT LERN HALT LESEN !!! ICH SCHRIEB DOCH DAS ICH EINFACH KEINE LUST MEHR HABE !!! VIELLEICHT FINDET SICH JA WER DER LANGEWEILE HAT UND MEIN PROJEKT WEITERFÜHREN WILL BUT WAYNE..