SQL injection:
mysql_query("DELETE FROM `ban_ip` WHERE `min` = '".$_GET['delmin']."' AND `max` = '".$_GET['delmax']."' LIMIT 1"); mysql_query("INSERT INTO `menu` (`name`, `url`, `counter`, `pos`, `icon`) VALUES ('$name', '$url', '$counter', '$pos', '$icon')"); XSS:
echo "О себе:<br />\n<input type='text' name='ank_o_sebe' value='$user[ank_o_sebe]' maxlength='512' /><br />\n"; echo "» Общий доход: <b>".$dohod."</b> <br/>"; Please explain how to fix and what are the errors?
Everywhere where data come from geth need to do
mysql_real_escape_string($_GET['XXX']) consider an example:
mysql_query("DELETE FROM `ban_ip` WHERE `min` = '".$_GET['delmin']."' AND `max` = '".$_GET['delmax']."' LIMIT 1"); I call the url: http://mysite.ru/admin/?delmin= 'OR min like'% '- // & delmax =
and the following sql query is executed as a result:
DELETE FROM `ban_ip` WHERE `min` = '' OR `min` like '%' --//' AND `max` = '' LIMIT 1 guess what this request will do?
As for SQL, I’ll add that digital data (when you know in advance that you have to get a number) - you can check for is_numeric and / or cast to type int .
About XSS - here is the link
Source: https://ru.stackoverflow.com/questions/52519/
All Articles