bonucci
Starting Member, 3 Posts
Posted - 2010-02-15 : 13:08:25
Hi guys, I have a huge problem. My website was attacked by SQL injection: the attacker, through the browser, put a quote in front to test if it was vulnerable, then started counting the columns and tables to enter the database, and then could get the admin and password of the administrative panel. I found the link where the attacker did it, and I see the code, but I'm a little noob; if you guys could look at it I'd appreciate it :S

<?
// pick up the site's connection constants (HOSTNAME, USERNAME, PASSWORD, BASE_DE_DADOS)
if (file_exists("variaveis.php"))
    include_once("variaveis.php");
else if (file_exists("../variaveis.php"))
    include_once("../variaveis.php");
else
    include_once("../../variaveis.php");

$bd = mysql_connect(HOSTNAME, USERNAME, PASSWORD) or die(mysql_error());
mysql_select_db(BASE_DE_DADOS) or die(mysql_error());

// escapes a string for use inside quotes in a query; defined here but never called below
function sanitize($data) {
    // remove whitespaces (not a must though)
    $data = trim($data);
    // apply stripslashes if magic_quotes_gpc is enabled
    if (get_magic_quotes_gpc()) {
        $data = stripslashes($data);
    }
    // a mySQL connection is required before using this function
    $data = mysql_real_escape_string($data);
    return $data;
}

// $id is concatenated straight into the query, unquoted and without a type check
function devolvenoticia($id) {
    $sql = "SELECT * FROM noticias WHERE id=".$id.";";
    $query = mysql_query($sql) or die(mysql_error());
    $noticia = mysql_fetch_array($query);
    return $noticia;
}

function utilnoti($id) {
    $noticia = devolvenoticia($id);
    // note: mysql_fetch_array returns strings, so is_int() is never true here
    if (is_int($noticia['utilizador'])) {
        $sql = "SELECT * FROM acesso WHERE utilizador=".$noticia['utilizador'].";";
        $query = mysql_query($sql) or die(mysql_error());
        $util = mysql_fetch_array($query);
        $nome = $util['Login'];
    } else {
        $nome = $noticia['origem'];
    }
    return $nome;
}

// $inicio, $num and $distrito also go into the query as-is
function noticias($inicio, $num, $distrito=0, $mostra=1) {
    $most = "";
    if ($mostra == 1) {
        if ($distrito != 0) {
            $most = " AND conferido=1 ";
        } else {
            $most = " WHERE conferido=1 ";
        }
    } else {
        $most = "";
    }
    if ($distrito != 0) {
        $sql = "SELECT * FROM noticias WHERE distrito=".$distrito.$most." ORDER BY data DESC, hora DESC LIMIT ".$inicio.", ".$num.";";
    } else {
        $sql = "SELECT * FROM noticias ".$most." ORDER BY data DESC, hora DESC LIMIT ".$inicio.", ".$num." ;";
    }
    $query = mysql_query($sql) or die(mysql_error());
    //echo $sql;
    $notici = array();
    $a = 0;
    while ($noticia = mysql_fetch_array($query)) {
        $notici[$a] = $noticia;
        $a++;
    }
    return $notici;
}

function inserenoticia($not) {
    $sql = "INSERT INTO noticias (`data` , `titulo` , `resumo` , `mensagem` , `origem` , `utilizador` , `hora`, `urlimagem`, `tipo`, `conferido`,`validopor` ,`distrito` ) VALUES ('".$not['data']."', '".$not['titulo']."' , '".$not['resumo']."' , '".$not['mensagem']."' , '".$not['origem']."' , ".$_SESSION['user'].", '".$not['hora']."', '".$not['urlimagem']."', ".$not['tipo'].", 1,'".$_SESSION['user']."',".$not['distrito'].");";
    //echo $sql;
    $query = mysql_query($sql) or die(mysql_error());
    //guardasql($sql,$_SESSION['user'],getdate());
}

function alteranoticia($noticia, $id) {
    $sql = "UPDATE noticias SET data='".$noticia['data']."',`titulo` = '".$noticia['titulo']."', `resumo` ='".$noticia['topico']."', `mensagem`='".$noticia['noticia']."' ,`origem`='".$noticia['origem']."', `utilizador`='".$noticia['autor']."', `hora` = '".$noticia['hora']."', `urlimagem` = '".$noticia['urlim']."', `tipo` = '".$noticia['tipo']."', `distrito`=".$noticia['distrito']." where id=".$id.";";
    $query = mysql_query($sql) or die(mysql_error());
    guardasql($sql, $_SESSION['user'], getdate());   // guardasql() is not defined in this file
}

function apaganoticia($id) {
    $sql = "DELETE FROM noticias WHERE id=".$id.";";
    $query = mysql_query($sql) or die(mysql_error());
    guardasql($sql, $_SESSION['user'], getdate());
}

function imagemnoticia($id) {
    $sql = "SELECT * FROM noticias WHERE id=".$id.";";
    $query = mysql_query($sql) or die(mysql_error());
    $not = mysql_fetch_array($query);
    if ($not['urlimagem'] == "") {
        if (($not['tipo'] == "") || (!(isset($not['tipo']))) || ($not['tipo'] == 0)) {
            $imagem = "";
        } else {
            $sqltipo = "SELECT * FROM tiponoticias WHERE indice=".$not['tipo'].";";
            $exetipo = mysql_query($sqltipo) or die("Erro nas bases de dados: ".mysql_error());
            $ti = mysql_fetch_array($exetipo);
            $imagem = $ti['urlimagem'];
        }
    } else {
        $imagem = $not['urlimagem'];
    }
    /*echo "<script>alert('".$imagem."')</script>";*/
    return $imagem;
}

function comentarios($id) {
    $sql = "SELECT * FROM comentarios WHERE noticia=".$id.";";
    $query = mysql_query($sql) or die(mysql_error());
    $comen = array();
    $a = 0;
    while ($comentario = mysql_fetch_array($query)) {
        $comen[$a] = $comentario;
        $a++;
    }
    return $comen;
}

function inserecomentario($comentario, $id) {
    $sql = "INSERT INTO `comentarios` ( `id_noticia` , `comentario` , `autor` , `data` , `hora` ) VALUES ( ".$id.", '".$comentario['mensagem']."', '".$comentario['autor']."', '".$comentario['data']."', '".$comentario['hora']."' );";
    $query = mysql_query($sql) or die(mysql_error());
    guardasql($sql, $_SESSION['user'], getdate());
}

// cuts $texto to $caracteres characters at the last space and appends "..."
function resumo($texto, $caracteres) {
    $texto = substr($texto, 0, $caracteres);
    //echo $texto;
    $pos = strrpos($texto, " ");
    //echo "-".$pos."-";
    if ($pos == 0) $pos = strlen($texto);
    $texto = substr($texto, 0, $pos);
    //echo $texto;
    return $texto."...";
}

function devolvedistritos() {
    $sql = "SELECT * FROM distrito ORDER BY descricao;";
    $query = mysql_query($sql) or die(mysql_error());
    $distrito = array();
    $a = 0;
    while ($d = mysql_fetch_array($query)) {
        $distrito[$a]['id'] = $d['id'];
        $distrito[$a]['descricao'] = $d['descricao'];
        $a++;
    }
    return $distrito;
}

function devolvetipos() {
    $sql = "SELECT * FROM tiponoticias ORDER BY descricao;";
    $query = mysql_query($sql) or die(mysql_error());
    $tipo = array();
    $a = 0;
    while ($t = mysql_fetch_array($query)) {
        $tipo[$a]['indice'] = $t['indice'];
        $tipo[$a]['descricao'] = $t['descricao'];
        $tipo[$a]['urlimagem'] = $t['urlimagem'];
        $a++;
    }
    return $tipo;
}
?>

Well, hope you guys can help me :S
Kristen
Test, 22859 Posts
Posted - 2010-02-15 : 13:18:07
You have got a sanitize() function, but you aren't using it anywhere. Why is that?
bonucci
Starting Member, 3 Posts
Posted - 2010-02-15 : 13:37:07
Sorry, my bad, truly sorry, wrong one. This one is the right page; here the code has a problem of SQL injection:

<?
session_start();

// walks up the directory tree until variaveis.php is found and returns that prefix
function root($rot="") {
    if (file_exists($rot."variaveis.php")) {
        return $rot;
    } else {
        $rot .= "../";
        return root($rot);
        //echo"*******-".$ro."-*******";
    }
}
$root = root("../");

// the "fundo" request value is stored in a cookie and later echoed into a stylesheet path
if ($_REQUEST['fundo'] != "") {
    setcookie("bombeirospt", $_REQUEST['fundo'], time()+(60*60*24*365)); // one-year lifetime
}
?>
<?
if (($_REQUEST['fundo'] == '') || (!(isset($_REQUEST['fundo'])))) {
    if (isset($_COOKIE["bombeirospt"])) {
        $fundo = $_COOKIE["bombeirospt"];
    } else {
        $fundo = "preto";
    }
} else {
    $fundo = $_REQUEST['fundo'];
}

if ((isset($_REQUEST['opc1'])) && ($_REQUEST['opc1'] != "")) {
    switch ($_REQUEST['opc1']) {
        case 'destaques': $file = "destaques.php"; break;
        case 'comunic':   $file = "comunicados.php"; break;
        case 'sala':      $file = "sala.php"; break;
    }
} else {
    $file = "tablenoticias.php";
}

include_once($root."funcoes/gerais.php");

// "distrito" from the request is appended to a link without validation
if ($_REQUEST['distrito'] != "") {
    $distrito = "&distrito=".$_REQUEST['distrito'];
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Notícias Bombeiros</title> <meta http-equiv="Content-Language" content="pt"/> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <meta name="generator" content="Dreamweaver"/> <meta name="author" content="Associação Amigos Bombeirosdistritoguarda.com"/> <meta name="MSSmartTagsPreventParsing" content="true"/> <meta http-equiv="imagetoolbar" content="no"/> <meta name="resource-type" content="document"/> <meta http-equiv="pragma" content="no-cache"/> <meta name="robots" content="ALL"/> <meta name="distribution" content="Global"/> <meta name="rating" content="General"/> <meta name="language" content="português"/> <meta name="doc-class" content="Completed"/> <meta name="doc-rights" content="Copywritten
Work"/> <meta name="revisit-after" content="1 days"/> <meta name="description" content="Toda a informação sobre os Bombeiros Portugueses no portal Bombeiros.pt."/> <meta name="keywords" content="Bombeiros, Protecção Civil, Bombeiros Mobile, Incêndios Florestais, Liga dos Bombeiros Portugueses, Autoridade Nacional da Protecção Civil, Inem, Bombeiro, Acontecimentos bombeiros, Legislação, manuais, foruns, Pontos de Agua, Noticias diárias bombeiros, Meteorologia, Guestbook, Links bombeiros, Agulhetas, mangueiras, formação, Escola Nacional Bombeiros, Ferramenta de apoio aos bombeiros, Bombeiros.pt, Associação amigos Bombeirosdistritoguarda.com, Informação, Videos, fotografia, imagens bombeiros, Curiosidades bombeiros, Crónicas, Eventos, Sala de Chat, Bombeiros do distrito de Coimbra, Bombeiros do distrito da Guarda, Inovação Tecnologica, Bombeiros Portugal, Meios Existentes, História Bombeiros Portugal, Missão dos Bombeiros Portugal, Incêndios Activos, Testes Bombeiros On-line, Destaques, Comunicados, Sala de Imprensa, Merchandising, wallpapers Bombeiros, Sons Bombeiros, cliparts"/><link rel="SHORTCUT ICON" href="http://myip/~bombeiro/logo.ico" /><style type="text/css">.menu1 {padding:0 0 0 32px; margin:0; list-style:none; height:35px; background:#fff url(<?=$root?>estilos_imagens/button1.gif); position:relative; border:1px solid #000; border-width:0 1px; border-bottom:1px solid #444;}.menu1 li {float:left;}.menu1 li a {display:block; float:left; height:35px; line-height:35px; color:#aaa; text-decoration:none; font-size:11px; font-family:arial, verdana, sans-serif; font-weight:bold; text-align:center; padding:0 0 0 8px; cursor:pointer;}.menu1 li a b {float:left; display:block; padding:0 16px 0 8px;}.menu1 li.current a {color:#fff; background:url(<?=$root?>estilos_imagens/button3.gif);}.menu1 li.current a b {background:url(<?=$root?>estilos_imagens/button3.gif) no-repeat right top;}.menu1 li a:hover {color:#fff; background:#000 
url(<?=$root?>estilos_imagens/button2.gif);}.menu1 li a:hover b {background:url(<?=$root?>estilos_imagens/button2.gif) no-repeat right top;}.menu1 li.current a:hover {color:#fff; background:#000 url(<?=$root?>estilos_imagens/button3.gif); cursor:default;}</style><link href="<?=$root?>estilos_imagens/style.css" rel="stylesheet" type="text/css" /> <link href="../Master/<?=$root?>estilos_imagens/style<?=$fundo?>.css" rel="stylesheet" type="text/css" /><style type="text/css"><!--.style2 { font-family: Geneva, Arial, Helvetica, sans-serif; font-weight: bold; font-size: x-small;}a:link { color: #333333; text-decoration: none;}a:visited { text-decoration: none; color: #666666;}a:hover { text-decoration: underline; color: #000000;}a:active { text-decoration: none; color: #999999;}.style4 { font-size: x-small; font-family: Geneva, Arial, Helvetica, sans-serif;}.smc { font-size: small; font-family: Geneva, Arial, Helvetica, sans-serif;}.style11 { font-size: x-small; font-family: Geneva, Arial, Helvetica, sans-serif; color: #666666;}.style16 { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: x-small;}.style18 { font-size: 12px; font-family: Geneva, Arial, Helvetica, sans-serif; color: #666666;}.style27 { font-family: Geneva, Arial, Helvetica, sans-serif; font-weight: bold; font-size: small;}.style35 { font-family: Geneva, Arial, Helvetica, sans-serif; font-weight: bold; font-size: 12px; color: #0099FF;}.style39 { color: #999999; font-weight: bold;}.style40 {color: #333333}.style41 { font-size: 11px; font-weight: bold;}#apDiv1 { position:relative; width:181px; height:41px; z-index:2; background-color:#999999; left: 20px; top: 40px; color:#FFFFFF; font-family:Geneva, Arial, Helvetica, sans-serif; font-size:12px; font-weight:bold; text-align:center; vertical-align:middle; visibility:hidden; filter:alpha(opacity=60); -moz-opacity:.60; opacity:.60;}.style61 {font-family: Verdana, Arial, Helvetica, sans-serif; font-size: x-small; font-weight: bold; }--></style><script 
src="<?=$root;?>aja2.js"></script></head>
<?
include_once($root."contador.php");
actualiza_contador();
include_once($root."funcoes/noticias.php");
// the id taken from the URL goes straight into devolvenoticia(), which builds
// "SELECT * FROM noticias WHERE id=" . $id with no check (see the first post)
$noticia = devolvenoticia($_REQUEST['id']);
?>
<body style="padding-top:8px; padding-bottom:8px;"><table width="900" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF"> <!--DWLayoutTable--> <tr> <td height="8" colspan="4" valign="top"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="900" height="8" class="barratopo"></td> </tr> </table> </td> </tr> <tr> <td width="5" rowspan="6" valign="top" bgcolor="#FFFFFF" class="linha_esquerda"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="5" bgcolor="#FFFFFF"> </td> </tr> </table> </td> <td width="323" height="70" valign="top" bgcolor="#FFFFFF"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="323" height="70" bgcolor="#FFFFFF"><a href="http://www.bombeiros.pt"><img src="<?=$root?>estilos_imagens/Logotipo.gif" width="323" height="46" border="0" /></a></td> </tr> </table> </td> <td width="567" valign="top" bgcolor="#FFFFFF"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="567" height="70" align="center" valign="middle" bgcolor="#FFFFFF" style="vertical-align:middle"> <form action="http://www.google.com/cse" target="_blank" id="cse-search-box"> <div> <div align="center"> <input type="hidden" name="cx" value="000330186860091022534:1hoda_dv-f4" /> <input type="hidden" name="ie" value="UTF-8" /> <img src="<?=$root?>estilos_imagens/google.gif" width="54" height="19" /> <input name="q" type="text" class="linha_quadrado" size="20" /> <input name="sa" type="submit" class="style35" value="Pesquisar" /> </div> </div> </form> </td> </tr> </table> </td> <td width="5" rowspan="6" valign="top" class="linha_direita"> <table width="100%" border="0" cellpadding="0"
cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="5"bgcolor="#FFFFFF"> </td> </tr> </table> </td> </tr> <tr> <td height="36" colspan="2" valign="top"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="890" height="25" valign="top" bgcolor="#FFFFFF"><? include_once($root."menu_topo.php")?></td> </tr> </table> </td> </tr> <tr> <td height="144" colspan="2" valign="top"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="890" height="144" bgcolor="#FFFFFF"><? include_once($root."banner.php")?></td> </tr> </table> </td> </tr> <tr> <td height="5" colspan="2" valign="top"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="890" height="5" bgcolor="#FFFFFF"></td> </tr> </table> </td> </tr> <tr> <td colspan="2" valign="top"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="180" height="876" valign="top"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="180" height="240" valign="top"> <table width="100%" border="0" cellpadding="0" cellspacing="0" class="linha_quadrado"> <!--DWLayoutTable--> <tr> <td width="180" height="240" valign="middle" bgcolor="#FFFFFF"> <script language="JavaScript"> <!-- function random_imglink(){ var myimages=new Array() var imagelinks=new Array() //specify random images below. You can have as many as you wish <? for ($i=1; $i<=62; $i++){?> myimages[<?=$i?>]="<?=$root?>imagens/<?=$i?>.jpg" imagelinks[<?=$i?>]="http://mywebsite/galeria" <? } ?> var ry=Math.floor(Math.random()*myimages.length) if (ry==0) ry=1 document.write('<a href='+'"'+imagelinks[ry]+'"'+'><img src="'+myimages[ry]+'" border=0></a>') } random_imglink() //--> </script></td> </tr> </table></td> </tr> <tr> <td height="634" valign="top" bgcolor="#FFFFFF" style="vertical-align:top"><? 
include_once($root."estilos_imagens/menus/menus.php")?></td> </tr> </table></td> <td width="6" rowspan="2" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="6" height="1300" bgcolor="#FFFFFF"> </td> </tr> </table></td> <td width="454" rowspan="2" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="454" height="31" valign="top" bgcolor="#FFFFFF"><table width="100%" border="0" cellpadding="0" cellspacing="0" background="<?=$root?>estilos_imagens/fundos/fundo_topo_not.jpg"> <!--DWLayoutTable--> <tr> <td width="454" height="10" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="454" height="10"><img src="<?=$root?>estilos_imagens/fundos/topo_not.jpg" width="454" height="10" /></td> </tr> </table></td> </tr> <tr> <td height="21" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="454" height="21" valign="top" class="linha_direita_esquerda smc"> <span class="style40"> <span class="style41"><a href="../Master/<?=$_SERVER['PHP_SELF']?><?= $distrito?>">DESENVOLVIMENTO DA NOTÍCIA</a></span></span><span class="style39"><span class="style16"></span></span></td> </tr> </table> </td> </tr> </table></td> </tr> <tr> <td height="497" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0" class="linha_quadrado"> <!--DWLayoutTable--> <tr> <td width="9" height="13"></td> <td width="436"></td> <td width="9"></td> </tr> <tr> <td height="483"></td> <td valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="200" rowspan="2" valign="top"><table width="100%" border="0" class="linha_quadrado" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <?php if (file_exists($root."imagens_noticias/".imagemnoticia($noticia['id']))){
$im=$root."imagens_noticias/".imagemnoticia($noticia['id']); } else { $im=$root."imagens_noticias/outros.jpg"; } ?> <td width="200" height="135"><img src="<?php echo $im; ?>" width="200" height="135" /></td> </tr> </table> </td> <td width="9" rowspan="2" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="9" height="135"> </td> </tr> </table> </td> <td width="227" height="36" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="227" height="36" valign="top"><span class="style61"><?=utf8_encode ($noticia['titulo']);?></span></td> </tr> </table> </td> </tr> <tr> <td height="99" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="227" height="99" valign="top"><span class="style16"><?=utf8_encode ($noticia['resumo'])?></span></td> </tr> </table> </td> </tr> <tr> <td height="13" colspan="3" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="436" height="13"></td> </tr> </table></td> </tr> <tr> <td height="315" colspan="3" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="436" height="315" valign="top"><div align="justify"><span class="style16"><?=utf8_encode ($noticia['mensagem'])?></span></div></td> </tr> </table></td> </tr> <tr> <td height="25" colspan="3" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="436" height="25" valign="top"><div align="center"><span class="style16"><strong>Fonte:</strong> <?=utf8_encode($noticia['origem'])?> | <strong>Inserida por:</strong> Admin | <?=$noticia['data']?> ás <?=$noticia['hora']?> </span></div></td> </tr> </table></td> </tr> </table></td> <td></td> </tr> </table></td> </tr> <tr> <td height="779"> </td> </tr> </table></td> <td width="6" rowspan="2" 
valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="6" height="1300" bgcolor="#FFFFFF"> </td> </tr> </table></td> <td width="244" rowspan="2" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="244" height="168" valign="top" bgcolor="#FFFFFF"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="244" height="45" valign="top" bgcolor="#FFFFFF" class="linha_quadrado"><table width="100%" height="353%" border="0" cellpadding="0" cellspacing="0"> <tr> <td width="100%" height="41" align="center" valign="middle" style="text-align:center" id="tr1" name="tr1"><? if (!($_SESSION['nivel']>0)){ ?> <div id="apDiv1"><img src="<?=$root;?>dados2.gif" alt="5" /></div> <input name="user" type="text" class="linha_quadrado" id="user" size="8" maxlength="10" /> <input name="pass" type="password" class="linha_quadrado" id="pass" size="8" maxlength="10" /> <span class="style2"><a href="#"onclick="ajax('<?=$root;?>log.php?user='+document.getElementById('user').value+'&pass='+document.getElementById('pass').value, 'apDiv1');" >OK</a> </span> <? } else { ?> <table width="100%" cellspacing="0" cellpadding="0" border="0"> <tr> <td class="style4" style="text-align:left; font-weight:bold; padding-left:5px">Bem-vindo, <?=util($_SESSION['user'])?></td> <td class="style4" style="text-align:right; padding-right:5px"><a href="#" onclick="ajax('<?=$root?>logout.php', 'apDiv1');">Sair</a> </td> </tr> <tr> <td style="font-size:9px;"> </td> </tr> <tr> <td colspan="2" align="center" style="text-align:center" class="style4"><? if ($_SESSION['nivel']>0){?> <div align="center"> . <a href="<?=$root?>administracao/administracao.php">Administração</a></div> <? } ?> </td> </tr> <tr> <td style="font-size:8px;"> </td> </tr> <tr> <td colspan="2" class="style4"><div align="center"> . 
<a href="<?=$root?>utilizadores/altdaddos.php">Alterar dados pessoais</a></div></td> </tr> </table> <? } ?> </td> </tr> <tr> <td width="100%" height="58"><table width="100%" height="39" border="0" cellpadding="0" cellspacing="0"> <tr> <td align="left" valign="top" class="style4"> . <a href="<?=$root?>utilizadores/criarutil.php">Criar registo</a></td> <td align="left" valign="top" class="style4" style="text-align:right; padding-right:10px;"><div align="left"> . <a href="#" onclick='window.external.AddFavorite(location.href, document.title);'>Adicionar aos favoritos</a></div></td> </tr> <tr> <td align="left" valign="bottom" class="style4"> . <a href="<?=$root?>utilizadores/repass.php">Recuperar password</a></td> <td align="left" valign="bottom" class="style4" style="text-align:right; padding-right:10px;"><div align="left"> . <a href="#" onclick="this.style.behavior='url(#default#homepage)';this.setHomePage('http://www.bombeiros.pt');">Definir homepage</a></div></td> </tr> </table></td> </tr> <tr> <td width="100%" align="center" valign="top" style="text-align:center;"><table width="90%" border="0" cellpadding="0" cellspacing="0" style="padding-left:10%;"> <tr> <td width="100%" height="10" align="center" valign="middle" style="border-top:#000000 solid 1px; text-align:center; font-size:5px"><br /> <img src="<?=$root?>estilos_imagens/fundos/Bolas_muda.jpg" alt="5" width="164" height="22" border="0" usemap="#Map" /><br /> </td> </tr> </table></td> </tr> </table></td> </tr> </table></td> </tr> <tr> <td height="185" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="244" height="185"><? 
include_once($root."PUB1.php")?></td> </tr> </table></td> </tr> <tr> <td height="6" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="244" height="6" bgcolor="#FFFFFF"></td> </tr> </table></td> </tr> <tr> <td height="31" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0" background="../estilos_imagens/fundos/fundo_topo_not.jpg"> <!--DWLayoutTable--> <tr> <td width="244" height="10" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="244" height="10"><img src="../estilos_imagens/fundos/topo_peq.jpg" alt="2" width="244" height="10" /></td> </tr> </table></td> </tr> <tr> <td height="21" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="244" height="21" class="linha_direita_esquerda"> &#8226; <span class="style27"> TECNOLOGIA </span></td> </tr> </table></td> </tr> </table></td> </tr> <tr> <td height="166" class="linha_quadrado" valign="middle"><?
include_once($root."tecnologia/tecnolog.php")?></td> </tr> <tr> <td height="6" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="244" height="6" bgcolor="#FFFFFF"></td> </tr> </table></td> </tr> <tr> <td height="31" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0" background="../estilos_imagens/fundos/fundo_topo_not.jpg"> <!--DWLayoutTable--> <tr> <td width="244" height="10" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="244" height="10"><img src="../estilos_imagens/fundos/topo_peq.jpg" alt="2" width="244" height="10" /></td> </tr> </table></td> </tr> <tr> <td height="21" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="244" height="21" class="linha_direita_esquerda"> &#8226; <span class="style27"> ANIVERSÁRIO</span></td> </tr> </table></td> </tr> </table></td> </tr> <tr> <td height="104" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" class="linha_quadrado"> <!--DWLayoutTable--> <tr> <td width="9" rowspan="2" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="10" height="94"> </td> </tr> </table></td> <td width="222" height="10" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="224" height="10"></td> </tr> </table></td> <td width="12" rowspan="2" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="12" height="94"> </td> </tr> </table></td> </tr> <tr> <td height="84" valign="top"><span class="style4"></span> <iframe id="teste" name="iframe2" src="../aniversario/aniversarios.php" width="222" height="84" frameborder="0" marginheight="0" scrolling="off"></iframe></td> </tr> <tr> <td height="10" colspan="3"
valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="242" height="10"></td> </tr> </table></td> </tr> </table></td> </tr> <tr> <td height="6" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF"> <!--DWLayoutTable--> <tr> <td width="244" height="6"></td> </tr> </table></td> </tr> <tr> <td height="31" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0" background="../estilos_imagens/fundos/fundo_topo_not.jpg"> <!--DWLayoutTable--> <tr> <td width="244" height="10" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="244" height="10"><img src="../estilos_imagens/fundos/topo_peq.jpg" alt="2" width="244" height="10" /></td> </tr> </table></td> </tr> <tr> <td height="21" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="244" height="21" class="linha_direita_esquerda"> &#8226; <span class="style27"> FÓRUM </span></td> </tr> </table></td> </tr> </table></td> </tr> <tr> <td height="110" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="244" height="110" bgcolor="#FFFFFF" class="linha_quadrado"><div align="center"><a href="../forum/index.php" target="_blank"><img src="../estilos_imagens/logo_forum[1].jpg" alt="4" width="168" height="76" border="0" /></a></div></td> </tr> </table></td> </tr> <tr> <td height="6" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="244" height="6"></td> </tr> </table></td> </tr> <tr> <td height="167" valign="top"><?
include_once($root."menu_lado_direito.php")?></td> </tr> </table> <map name="Map" id="Map"> <area shape="circle" coords="12,12,10" href="<?=$_SERVER['../Master/PHP_SELF']?>?fundo=amarelo" alt="amarelo" /> <area shape="circle" coords="40,11,10" href="<?=$_SERVER['../Master/PHP_SELF']?>?fundo=verde" alt="verde" /> <area shape="circle" coords="69,11,10" href="<?=$_SERVER['../Master/PHP_SELF']?>?fundo=vermelho" alt="vermelho" /> <area shape="circle" coords="97,11,10" href="<?=$_SERVER['../Master/PHP_SELF']?>?fundo=azul" alt="azul" /> <area shape="circle" coords="125,12,10" href="<?=$_SERVER['../Master/PHP_SELF']?>?fundo=cinza" alt="cinza" /> <area shape="circle" coords="153,12,10" href="<?=$_SERVER['../Master/PHP_SELF']?>?fundo=preto" alt="preto" /> </map> <map name="Map" id="Map"> <area shape="circle" coords="12,12,10" href="<?=$_SERVER['../Master/PHP_SELF']?>?fundo=amarelo" alt="amarelo" /> <area shape="circle" coords="40,11,10" href="<?=$_SERVER['../Master/PHP_SELF']?>?fundo=verde" alt="verde" /> <area shape="circle" coords="69,11,10" href="<?=$_SERVER['../Master/PHP_SELF']?>?fundo=vermelho" alt="vermelho" /> <area shape="circle" coords="97,11,10" href="<?=$_SERVER['../Master/PHP_SELF']?>?fundo=azul" alt="azul" /> <area shape="circle" coords="125,12,10" href="<?=$_SERVER['../Master/PHP_SELF']?>?fundo=cinza" alt="cinza" /> <area shape="circle" coords="153,12,10" href="<?=$_SERVER['../Master/PHP_SELF']?>?fundo=preto" alt="preto" /> </map> <map name="Map" id="Map"> <area shape="circle" coords="12,12,10" href="<?=$_SERVER['../Master/PHP_SELF']?>?fundo=amarelo" alt="amarelo" /> <area shape="circle" coords="40,11,10" href="<?=$_SERVER['../Master/PHP_SELF']?>?fundo=verde" alt="verde" /> <area shape="circle" coords="69,11,10" href="<?=$_SERVER['../Master/PHP_SELF']?>?fundo=vermelho" alt="vermelho" /> <area shape="circle" coords="97,11,10" href="<?=$_SERVER['../Master/PHP_SELF']?>?fundo=azul" alt="azul" /> <area shape="circle" coords="125,12,10" 
href="<?=$_SERVER['../Master/PHP_SELF']?>?fundo=cinza" alt="cinza" /> <area shape="circle" coords="153,12,10" href="<?=$_SERVER['../Master/PHP_SELF']?>?fundo=preto" alt="preto" /> </map></td> </tr> <tr> <td height="424" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="180" height="13"></td> </tr> <tr> <td height="411" valign="top"><div align="center"><br /> <? include_once($root."menu_lado_esquerdo.php")?> </div></td> </tr> </table></td> </tr> </table></td> </tr> <tr> <td height="54" colspan="2" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="890" height="54"><? include_once($root."menu_fundo.php")?></td> </tr> </table> </td> </tr> <tr> <td height="8" colspan="4" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="900" height="8" valign="top" class="barrafundo"></td> </tr> </table></td> </tr></table><map name="Map"><area shape="circle" coords="12,12,10" href="<?=$_SERVER['../Master/PHP_SELF']?>?fundo=amarelo" alt="amarelo"><area shape="circle" coords="40,11,10" href="<?=$_SERVER['../Master/PHP_SELF']?>?fundo=verde" alt="verde"><area shape="circle" coords="69,11,10" href="<?=$_SERVER['../Master/PHP_SELF']?>?fundo=vermelho" alt="vermelho"><area shape="circle" coords="97,11,10" href="<?=$_SERVER['../Master/PHP_SELF']?>?fundo=azul" alt="azul"><area shape="circle" coords="125,12,10" href="<?=$_SERVER['../Master/PHP_SELF']?>?fundo=cinza" alt="cinza"><area shape="circle" coords="153,12,10" href="<?=$_SERVER['../Master/PHP_SELF']?>?fundo=preto" alt="preto"></map></body></html>

Sorry for the mistake; thanks very much for your time.
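As an added example (not code from the original posts or from the site), the following PHP ties the two posts together: `devolvenoticia()` from the first post's noticias.php builds `SELECT * FROM noticias WHERE id=` plus whatever it is given, and the page in the second post hands it `$_REQUEST['id']` directly. The probe values follow the steps the poster described (a quote to see whether the statement breaks, then counting columns, then a UNION), and the hardened version validates the value and binds it as a parameter. The table name and the connection constants come from the posted code; the `mysqli` connection and the number of UNION placeholders are assumptions.

```php
<?php
// Added example, not part of the site's code: the posted query construction,
// constructed probe values of the kind described in the thread, and a hardened lookup.

// 1. The posted pattern: the value from $_REQUEST['id'] is concatenated into
//    the statement with no type check and no quoting, so it is parsed as SQL.
function devolvenoticia_sql_vulneravel($id) {
    return "SELECT * FROM noticias WHERE id=" . $id . ";";
}

// 2. Accept only what a news id can be: a non-empty string of decimal digits.
function id_valido($id) {
    $s = (string)$id;
    return $s !== '' && ctype_digit($s);
}

// 3. Hardened lookup: validate first, then bind the value as a parameter so the
//    database never treats it as part of the statement. Assumes a mysqli
//    connection opened with the site's HOSTNAME/USERNAME/PASSWORD/BASE_DE_DADOS
//    constants (the mysql_* functions used by the original were removed in PHP 7).
function devolvenoticia_seguro(mysqli $db, $id) {
    if (!id_valido($id)) {
        return null;                      // no die(mysql_error()): DB errors are not echoed to the client
    }
    $stmt = $db->prepare("SELECT * FROM noticias WHERE id = ?");
    if ($stmt === false) {
        return null;
    }
    $id_int = (int)$id;
    $stmt->bind_param("i", $id_int);
    $stmt->execute();
    $result = $stmt->get_result();        // requires the mysqlnd driver
    $row = $result ? $result->fetch_assoc() : null;
    $stmt->close();
    return $row;
}

// Constructed probe values following the steps described in the first post.
// With the original code every query runs "or die(mysql_error())", so the
// quote test is answered with the database's own error text.
$probes = array(
    "42",                                  // a legitimate request
    "42'",                                 // quote test: the statement breaks and the error is shown
    "42 ORDER BY 5",                       // column counting: errors once N exceeds the column count
    "-1 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13", // once N matches (13 is an assumption), attacker-chosen values come back as the "news item"
);

foreach ($probes as $p) {
    $query = devolvenoticia_sql_vulneravel($p);
    $ok    = id_valido($p) ? "accepted by id_valido()" : "rejected by id_valido()";
    printf("%-48s %s\n    %s\n", $p, $ok, $query);
}

// With a live connection the page would call the hardened version instead:
// $db = new mysqli(HOSTNAME, USERNAME, PASSWORD, BASE_DE_DADOS);
// $noticia = devolvenoticia_seguro($db, $_REQUEST['id']);
```

Only the first probe passes `id_valido()`; the other three are what the concatenated query turns into, which is the behaviour the poster saw. Binding the parameter is what removes the problem; the digit check on top of it keeps bad input from reaching the database at all, and returning `null` instead of `die(mysql_error())` stops the page from telling an attacker whether a probe worked.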
webfred
Master Smack Fu Yak Hacker, 8781 Posts
Posted - 2010-02-15 : 13:52:21
You should have a better luck if you would try to get help in the right forum.This is a forum about MS SQL Server.Your problem is about PHP and MySQL. No, you're never too old to Yak'n'Roll if you're too young to die. |
Kristen
Test
22859 Posts
Posted - 2010-02-15 : 13:58:22

Nothing sanitising on that page either ... but it doesn't have a <FORM>, nor any obvious SQL statements, so not sure why you think it is being hacked?? But it does have REQUEST statements which are not being sanitised.

Do you understand what SQL Injection is? Because if not, trying to help you is a bit like stumbling around in the dark ...
Kristen
Test
22859 Posts
Posted - 2010-02-15 : 14:01:25

"Your problem is about PHP and MySQL"

Indeed, but I'm not sure the issues about SQL-Injection are any different, are they?
webfred
Master Smack Fu Yak Hacker
8781 Posts
Posted - 2010-02-15 : 14:12:18

Not sure. But one note is: MS SQL Server comes shipped with some system stored procedures ... a hacker could be able to create a new user or whatever. So if this is something special then I don't know what is to consider if MySQL is in use. MySQL comes without stored procedures as far as I know, but maybe there are other preferred ways for hackers to do something bad. Hence I think a forum for PHP and MySQL can give better help...

No, you're never too old to Yak'n'Roll if you're too young to die.
bonucci
Starting Member
3 Posts
Posted - 2010-02-15 : 14:28:33

Well, guys, I did go to PHP forums of course. I'm no Einstein, but I know where to go first, and if I came here it's because other places didn't respond to me. And yes, it's vulnerable because I tried to get information from the browser like the examples on Google or YouTube (SQL injections), and it still has the same problem. Well, thanks anyway.
tosscrosby
Aged Yak Warrior
676 Posts
Posted - 2010-02-15 : 14:56:09

Try this site. It has a forum for MySQL and PHP. I don't currently use either one so I'm not sure about the quality of those particular forums, but maybe it'll provide some insight for you.

http://tinyurl.com/2h5tk

Terry
-- Procrastinate now!
Kristen
Test
22859 Posts
Posted - 2010-02-16 : 01:48:51

The issue is either that you are not sanitising the data you get from Web Forms, or (thanks Webfred: "maybe there are other preferred ways for hackers to do something bad.") you have left the MySQL and/or PHP default admin setup files in the config directory, and have not changed the default admin password. We get people attempting to access those every day and we don't have either installed!
MrQuizzles
Starting Member
20 Posts
Posted - 2010-02-16 : 14:41:04

Indeed, there's even a worm that will delete your entire database if you failed to change the default admin username/password to your MySQL database.

About sanitizing input: if you are ever putting values from either user input or cookies, anything that could potentially be messed with by users, into your queries, it requires sanitizing. A good start is to strip or escape all single quotes, escape characters and semicolons from them in cases where you're simply concatenating. A better solution is to use stored procedures in cases where you're getting values from potentially dangerous input. Stored procedures get around the problem with concatenating and protect you from such injection attacks.

I'm not sure if MySQL has implemented stored procedures yet (Edit: it seems that anything after MySQL version 5 has stored procedures). If not, you can always use PostgreSQL.

Also, please say you're not storing plain text passwords in your database. Encrypt them with SHA1 or a salted MD5 hash. That way, if attackers do manage to get into your database, it'll take months to years for them to figure out any passwords.
Kristen
Test
22859 Posts
Posted - 2010-02-17 : 02:43:25

"A good start is to strip or escape all single quotes, escape characters and semicolons from them in cases where you're simply concatenating."

Should be sufficient to double-up single quotes, and surround the data value with quotes. May not be the most efficient, but

SELECT * FROM MyTable WHERE MyIntColumnAge = fnSanitised($MyAge)

will work fine if it is given

SELECT * FROM MyTable WHERE MyIntColumnAge = '21'

and that will prevent SQL injection if the user types "21;DROP DATABASE FooBar", rather than trying to work out which single quotes and which semicolons are valid within the data etc ...

But yeah, parametrised queries are safer - provided that the SQL code doesn't then do string concatenation with the parameters!
madhivanan
Premature Yak Congratulator
22864 Posts
Posted - 2010-02-17 : 03:54:23

<<But yeah, parametrised queries is safer - provided that the SQL code doesn't then do string concatenation with the parameters!>>

Can you give me a code sample? I don't know what you meant.

Madhivanan
Failing to plan is Planning to fail
Kristen
Test
22859 Posts
Posted - 2010-02-17 : 05:45:45

[code]
CREATE PROCEDURE uspHackMe
    @MyAge varchar(8000)
AS
DECLARE @strSQL nvarchar(4000)
SELECT @strSQL = 'SELECT * FROM MyTable WHERE MyIntColumnAge = ' + @MyAge -- Unsanitized!
EXEC (@strSQL)
[/code]
Transact Charlie
Master Smack Fu Yak Hacker
3451 Posts
Posted - 2010-02-17 : 07:27:06

If you do use parametrized queries then definitely don't do that! As Kristen pointed out!

If you change it slightly though you will be safe. This is the safe translation of Kristen's code:

[code]
CREATE PROCEDURE uspHackMe
    @MyAge varchar(8000)
AS
DECLARE @strSQL NVARCHAR(MAX) -- sp_executesql only accepts an N(VAR)CHAR statement
SELECT @strSQL = 'SELECT *
FROM MyTable
WHERE MyIntColumnAge = @myAge'
EXEC sp_executesql @strSQL, N'@myAge VARCHAR(8000)', @myAge
[/code]

Of course this is glossing over the fact that you wouldn't need to use dynamic SQL for that particular statement anyway.... but moving hurriedly on!

Charlie
===============================================================
Msg 3903, Level 16, State 1, Line 1736
The ROLLBACK TRANSACTION request has no corresponding BEGIN TRANSACTION
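To make Kristen's quote-doubling suggestion and Charlie's parameter point concrete, here is an added example that is not code from anyone in this thread. It runs the vulnerable concatenation, a `fn_sanitised` in the spirit of Kristen's `fnSanitised`, and a parameterised query side by side against an in-memory SQLite database. SQLite is an assumption standing in for the MySQL / SQL Server engines under discussion; the table, column names, sample rows and payload strings are constructed for the demonstration (the table and column echo Kristen's snippet). Because Python's `sqlite3` executes only one statement per call, the payload that actually widens the result set here is `21 OR 1=1` rather than the thread's `21;DROP DATABASE FooBar`, which is shown only on the two safe paths.

```python
"""Added example for this thread (not code from any poster): the vulnerable
concatenation, a quote-doubling sanitiser and a parameterised query, run
side by side against an in-memory SQLite database.

Assumptions: SQLite stands in for the MySQL / SQL Server engines under
discussion; table, columns, rows and payloads are constructed for the demo.
"""
import sqlite3


def make_db():
    # Constructed sample data; the table and column names echo Kristen's snippet.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE MyTable (Name TEXT, MyIntColumnAge INTEGER)")
    con.executemany(
        "INSERT INTO MyTable VALUES (?, ?)",
        [("alice", 21), ("bob", 35), ("carol", 42)],
    )
    return con


def names(cursor):
    # Sorted so results are deterministic regardless of row order.
    return sorted(row[0] for row in cursor)


def unsafe_concat(con, age):
    """Vulnerable: the raw request value becomes part of the SQL text, so
    '21 OR 1=1' turns the WHERE clause into '... = 21 OR 1=1' (every row)."""
    sql = "SELECT Name FROM MyTable WHERE MyIntColumnAge = " + age
    return names(con.execute(sql))


def fn_sanitised(value):
    """Kristen's recipe: double every single quote, then wrap the whole value
    in quotes. Whatever the user typed is now exactly one string literal."""
    return "'" + value.replace("'", "''") + "'"


def sanitised_concat(con, age):
    """Still concatenation, but only a quoted literal ever reaches the SQL."""
    sql = "SELECT Name FROM MyTable WHERE MyIntColumnAge = " + fn_sanitised(age)
    return names(con.execute(sql))


def parameterised(con, age):
    """The SQL text is fixed; the value travels to the engine separately and
    is never parsed as SQL. This is what sp_executesql does in Charlie's post."""
    sql = "SELECT Name FROM MyTable WHERE MyIntColumnAge = ?"
    return names(con.execute(sql, (age,)))


# Constructed payloads: the honest value, a boolean-widening injection,
# a quote-breaking injection, and the stacked-statement string from the thread.
PAYLOADS = ["21", "21 OR 1=1", "21' OR '1'='1", "21;DROP DATABASE FooBar"]


def compare(con):
    """Run every payload through both safe variants. The unsafe path is run
    only for the two payloads that still parse as a single statement;
    sqlite3 raises on the other two instead of executing them."""
    results = {}
    for p in PAYLOADS:
        results[p] = {
            "sanitised": sanitised_concat(con, p),
            "parameterised": parameterised(con, p),
        }
    results["21"]["unsafe"] = unsafe_concat(con, "21")
    results["21 OR 1=1"]["unsafe"] = unsafe_concat(con, "21 OR 1=1")
    return results


if __name__ == "__main__":
    for payload, outcome in compare(make_db()).items():
        print(repr(payload), outcome)
```

The honest value `21` matches alice on all three paths because the engine converts the quoted `'21'` (or the bound string) to a number when comparing it with an integer column; every injected payload comes back empty on the two safe paths and only the unsafe concatenation returns all three rows. How a non-numeric string such as `'21 OR 1=1'` compares against an integer column is engine-specific (SQLite compares it as text, SQL Server raises a conversion error, MySQL converts the leading digits), but in none of them does the quoted value stop being a literal and become SQL, which is the whole point of Kristen's wrap-in-quotes advice and of passing the value as a parameter.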
madhivanan
Premature Yak Congratulator
22864 Posts
Posted - 2010-02-17 : 07:46:29

quote: Originally posted by Kristen
[code]
CREATE PROCEDURE uspHackMe
    @MyAge varchar(8000)
AS
DECLARE @strSQL nvarchar(4000)
SELECT @strSQL = 'SELECT * FROM MyTable WHERE MyIntColumnAge = ' + @MyAge -- Unsanitized!
EXEC (@strSQL)
[/code]

I thought you were referring to the front end code where the command object is used.

Madhivanan
Failing to plan is Planning to fail