yoyois Posted June 27, 2012
http://mytest-php.web44.net/
I don't know how feasible SQLi is on this website. I want to learn more about PHP & SQL and would be very grateful if you left a short explanation of: how vulnerable is it? why? what needs to be changed?
A9N Posted June 27, 2012 (edited)
There isn't much for me to give feedback on, it's just a login form.
SELECT * FROM example WHERE user='' OR 1='1' and pass='' OR 1='1'
Access Granted!
Personally, on login forms I like to run a regex and, if I find anything other than - . 0-9 a-z A-Z, I declare it invalid and that's that (for the username). For the password I write a function encrypt_pass(password) that usually returns md5(password)... [it depends on which "encryption" algorithm I use for that particular application].
Later edit: Example: done my way, if I enter ' OR 1=1' as the username, it shows the message: Invalid username. For the password, if I enter ' OR 1=1' it computes md5("'OR 1=1'"), and when I query the database with that md5 it doesn't find it associated with the username (the password in the database is md5(password)).
** I know it's not the best explanation, I'm rather tired and can't concentrate. I hope it helps somewhat.
Edited June 27, 2012 by A9N
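The two login forms described in the post above, as an added example that is not part of the original thread: the concatenated query that the `' OR ... ` payload bypasses, next to a version with A9N's username whitelist and md5 lookup plus bound parameters, which is the standard fix regardless of the whitelist. It uses Python and an in-memory SQLite table as a stand-in for the PHP/MySQL stack the thread is about; the table name `example`, the account `admin`/`s3cret` and the function names are assumptions. One SQLite-specific caveat: in MySQL the post's `1='1'` compares equal, but SQLite does not compare an integer literal equal to a text literal, so the payload here uses `'1'='1'`. md5 is used only to mirror the post; for real password storage use a salted slow hash such as bcrypt.

```python
import hashlib
import re
import sqlite3

# Constructed sample account for this example (assumption, not from the thread).
SAMPLE_USER = "admin"
SAMPLE_PASSWORD = "s3cret"


def make_db(hash_passwords):
    """Build an in-memory `example` table. The hardened form stores md5(password),
    as the post describes; the vulnerable form stores plaintext so the post's
    literal query can be reproduced."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE example (user TEXT, pass TEXT)")
    stored = (hashlib.md5(SAMPLE_PASSWORD.encode()).hexdigest()
              if hash_passwords else SAMPLE_PASSWORD)
    conn.execute("INSERT INTO example VALUES (?, ?)", (SAMPLE_USER, stored))
    return conn


def login_vulnerable(conn, user, pw):
    """Query text built by string concatenation, the pattern the thread is about.
    With user = pw = "' OR '1'='1" the statement becomes
    ... WHERE user='' OR '1'='1' AND pass='' OR '1'='1', which matches every row."""
    sql = f"SELECT * FROM example WHERE user='{user}' AND pass='{pw}'"
    return conn.execute(sql).fetchone() is not None


# A9N's username whitelist: letters, digits, '.', '_' and '-' only.
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]+")


def login_hardened(conn, user, pw):
    """Reject usernames outside the whitelist, hash the password before it goes
    anywhere near SQL, and bind both values as parameters so the database never
    parses user input as SQL at all."""
    if USERNAME_RE.fullmatch(user) is None:
        return False
    digest = hashlib.md5(pw.encode()).hexdigest()
    row = conn.execute(
        "SELECT 1 FROM example WHERE user=? AND pass=?", (user, digest)
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    payload = "' OR '1'='1"
    print("vulnerable, injected :", login_vulnerable(make_db(False), payload, payload))
    print("hardened, injected   :", login_hardened(make_db(True), payload, payload))
    print("hardened, pw injected:", login_hardened(make_db(True), "admin", payload))
    print("hardened, valid      :", login_hardened(make_db(True), "admin", "s3cret"))
```

The parameterized query is what actually removes the injection: with `?` placeholders the driver sends the values separately from the statement text, so a quote in either field is just data. The whitelist is still worth keeping as input validation, and hashing means the password field never reaches the query as typed, but neither one is a substitute for binding.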
denjacker Posted June 27, 2012
Wubi Posted June 27, 2012
yoyois Posted June 28, 2012 (Author)
Is there still any way to bypass it if I use "mysql_real_escape_string()"?
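An added example on the question above, not part of the original thread: escaping only protects a value that is placed inside quotes. The classic case where `mysql_real_escape_string()` does not help is a numeric field dropped into the query unquoted (`WHERE id=` . $escaped), because a payload like `2 OR 1=1` contains no character the function would escape. This Python/SQLite version uses a quote-doubling `escape_for_sqlite()` as a stand-in for the PHP function (MySQL uses backslash escaping, but the point is the same); the `users` table, its rows and the function names are assumptions.

```python
import sqlite3


def make_db():
    """Constructed sample table for this example (not from the thread)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "carol")])
    return conn


def escape_for_sqlite(value):
    """Stand-in for mysql_real_escape_string(): neutralises the quote character
    so a value cannot break out of a string literal. SQLite escapes a quote by
    doubling it; MySQL would emit a backslash. Like the PHP function, it leaves
    spaces, '=', digits and keywords alone, since they are harmless inside quotes."""
    return value.replace("'", "''")


def lookup_quoted(conn, name):
    """Escaped value inside quotes: the payload stays a string and matches nothing."""
    sql = f"SELECT id FROM users WHERE name='{escape_for_sqlite(name)}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_numeric_escaped(conn, user_id):
    """Escaped value outside quotes: '2 OR 1=1' has nothing to escape, so the
    statement becomes ... WHERE id=2 OR 1=1 and returns every row."""
    sql = f"SELECT id FROM users WHERE id={escape_for_sqlite(user_id)}"
    return [row[0] for row in conn.execute(sql)]


def lookup_numeric_param(conn, user_id):
    """Bound parameter: the driver passes the value separately from the SQL text,
    so '2 OR 1=1' is compared as a single (non-matching) value."""
    return [row[0] for row in conn.execute("SELECT id FROM users WHERE id=?", (user_id,))]


if __name__ == "__main__":
    db = make_db()
    print("quoted, injected          :", lookup_quoted(db, "' OR '1'='1"))
    print("numeric+escape, injected  :", lookup_numeric_escaped(db, "2 OR 1=1"))
    print("numeric+param, injected   :", lookup_numeric_param(db, "2 OR 1=1"))
    print("numeric+param, valid      :", lookup_numeric_param(db, 2))
```

Two further caveats a practitioner should know about the PHP function itself: it belongs to the old `mysql_*` extension, which was deprecated in PHP 5.5 and removed in PHP 7, and its escaping depends on the connection character set, so it must be paired with `mysql_set_charset()` rather than a bare `SET NAMES` query. Prepared statements (PDO or mysqli with bound parameters) avoid all of this.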
staticwater Posted June 28, 2012
I use stored procedures; they have a lot of advantages, plus they're "bullet proof" against SQLi!
Stored procedure - Wikipedia, the free encyclopedia
http://inf.ucv.ro/~popirlan/bd/laborator8.pdf
yoyois Posted June 28, 2012 (Author)
I'm interested in it being VULNERABLE!