Skilled Illusionist
- Joined
- Mar 31, 2011
- Messages
- 382
- Reaction score
- 48
Most visitors online was 11705 , on 26 Apr 2024
Web zone gamerz error
- Thread starter Anthony Rizaldo
- Start date
Newbie Spellweaver
- Joined
- Apr 13, 2014
- Messages
- 56
- Reaction score
- 3
Thank you very much Sir its now working...Just one more help Sir. How to make this one
stay at the center just like it old position I tried but it did not work hope you can help me Sir..... Repu added ... Thanks in advance. regardsProblem solve Sir I just edit your script the position now is at the center..Thank you very much for your help...
Last edited:
Newbie Spellweaver
- Joined
- Apr 13, 2014
- Messages
- 56
- Reaction score
- 3
Thanks bro I finally got it..Thanks also to Sir John for sharing his expertise. Im glad that you have fix your problem too..
regards Newbie
Skilled Illusionist
- Joined
- Mar 31, 2011
- Messages
- 382
- Reaction score
- 48
For that we are, for any questions about PHP, HTML, MySQL or MSSQL, can contact me on the link my signature.
Tantra Freelancer
- Joined
- Apr 9, 2014
- Messages
- 541
- Reaction score
- 23
@John
Can you help me fixing the Change Email page of WebZoneGamerz? When I try to change my email it always gives me an error saying that the ZGCode I provided was wrong but in fact its the one I got from MSSQL table (ZGCode).
Ciao!
Can you help me fixing the Change Email page of WebZoneGamerz? When I try to change my email it always gives me an error saying that the ZGCode I provided was wrong but in fact its the one I got from MSSQL table (ZGCode).
Ciao!
Newbie Spellweaver
- Joined
- May 13, 2009
- Messages
- 24
- Reaction score
- 7
WebZoneGamerz have explot in Ranking.php users use SQL Injection
used to gain direct items to their accounts and tanys
used to gain direct items to their accounts and tanys
PHP:
/ranking.php?Dios=&Order=LVL&Tribe=128%20declare%20@sql%20varchar(800)%20set%20@sql=0x(string to hex code)%20exec(@sql)%20select%201%20from%20Tantra..TantraBackup00%20where%201=1
Last edited:
Tantra Freelancer
- Joined
- Apr 9, 2014
- Messages
- 541
- Reaction score
- 23
Not working lol
Newbie Spellweaver
- Joined
- Nov 6, 2012
- Messages
- 45
- Reaction score
- 6
of course it works, check it http://forum.ragezone.com/f785/exploit-sql-injection-webzonegamerz-ranking-1024880/#post8197890
Tantra Freelancer
- Joined
- Apr 9, 2014
- Messages
- 541
- Reaction score
- 23
Nice and to all WebZoneGamerz users out there..you can try to ban the word "declare" to prevent this inject..is that right alxndr?
Newbie Spellweaver
- Joined
- Nov 6, 2012
- Messages
- 45
- Reaction score
- 6
yeah, you can avoid this and only this by banning 'declare', but the best approach to avoid sql injection of any kind would be changing all your database calls to PDO.
Tantra Freelancer
- Joined
- Apr 9, 2014
- Messages
- 541
- Reaction score
- 23
I heard about PDO but really never tried it before if you can share how to do it that would be great.
Newbie Spellweaver
- Joined
- Nov 6, 2012
- Messages
- 45
- Reaction score
- 6
well, it's not that hard, but you have to do all the calls from scratch, it will be as making the whole site again.
Tantra Freelancer
- Joined
- Apr 9, 2014
- Messages
- 541
- Reaction score
- 23
So what if change the Database names?
Newbie Spellweaver
- Joined
- Nov 6, 2012
- Messages
- 45
- Reaction score
- 6
it's not use, coz if people think like me, i would use meterpreter sqlmap to help me to scan the database
Tantra Freelancer
- Joined
- Apr 9, 2014
- Messages
- 541
- Reaction score
- 23
I see thanks anyways why only Ranking page of that web template mentioned?
Newbie Spellweaver
- Joined
- Nov 6, 2012
- Messages
- 45
- Reaction score
- 6
Cuz, the programmer of that site thought if people don't put the inputs, then, it's no use to validate them.
Tantra Freelancer
- Joined
- Apr 9, 2014
- Messages
- 541
- Reaction score
- 23
Ok so that kind of SQL injection posted by that forumer will only be use in the ranking page or there are other pages that are vulnerable for injection?
Newbie Spellweaver
- Joined
- Nov 6, 2012
- Messages
- 45
- Reaction score
- 6
If you have good eye, you could say, that most of the pages have that ranking, i think zonagammers was the base site or al least a reference to developt some new sites.
But it is not only the ranking, s_game, register, forgot password, every can be exploited if you are a bit smart and the site is awfully insecure.
Tantra Freelancer
- Joined
- Apr 9, 2014
- Messages
- 541
- Reaction score
- 23
Ok so for learning purposes..so for example for this PHP Script (credits to whoever posted it lol)
PHP:
?PHP
$xa = getenv('REMOTE_ADDR');
$badwords = array(";","'","\"","*","union","del","DEL","insert","update","drop","sele","memb","set","$","res3t","wareh","%","sa","#"," ",")","/","null","\"");
foreach($_POST as $value)
foreach($badwords as $word)
if(substr_count($value, $word) > 0)
die();
class sql_inject
{
/**
* [USER=1333419955]Sho[/USER]rtdesc url to redirect if an sql inject attempt is detect. if unset, value is FALSE
* [USER=825028]Private[/USER]
* [USER=1333375725]Type[/USER] mixed
*/
var $urlRedirect;
/**
* [USER=1333419955]Sho[/USER]rtdesc does the session must be destroy if an attempt is detect
* [USER=825028]Private[/USER]
* [USER=1333375725]Type[/USER] bool
*/
var $bdestroy_session;
/**
* [USER=1333419955]Sho[/USER]rtdesc the SQL data currently test
* [USER=825028]Private[/USER]
* [USER=1333375725]Type[/USER] string
*/
var $rq;
/**
* [USER=1333419955]Sho[/USER]rtdesc if not FALSE, the url to the log file
* [USER=825028]Private[/USER]
* [USER=1333375725]Type[/USER] mixed
*/
var $bLog;
/**
* Builder
*
* [USER=1333357818]param[/USER] bool bdestroy_session optional. does the session must be destroy if an attempt is detect?
* [USER=1333357818]param[/USER] string urlRedirect optional. url to redirect if an sql inject attempt is detect
* @public
* [USER=1333375725]Type[/USER] void
*/
function sql_inject($mLog=FALSE,$bdestroy_session=FALSE,$urlRedirect=FALSE)
{
$this->bLog = (($mLog!=FALSE)?$mLog:'');
$this->urlRedirect = (((trim($urlRedirect)!='') && file_exists($urlRedirect))?$urlRedirect:'');
$this->bdestroy_session = $bdestroy_session;
$this->rq = '';
}
/**
* [USER=1333419955]Sho[/USER]rtdesc test if there is a sql inject attempt detect
* test if there is a sql inject attempt detect
*
* [USER=1333357818]param[/USER] string sRQ required. SQL Data to test
* @public
* [USER=1333375725]Type[/USER] bool
*/
function test($sRQ)
{
$sRQ = strtolower($sRQ);
$this->rq = $sRQ;
$aValues = array();
$aTemp = array(); // temp array
$aWords = array(); //
$aSep = array(' and ',' or '); // separators for detect the
$sConditions = '(';
$matches = array();
$sSep = '';
// is there an attempt to unused part of the rq?
if (is_int((strpos($sRQ,"#")))&&$this->_in_post('#')) return $this->detect();
// is there a attempt to do a 2nd SQL requete ?
if (is_int(strpos($sRQ,';'))){
$aTemp = explode(';',$sRQ);
if ($this->_in_post($aTemp[1])) return $this->detect();
}
$aTemp = explode(" where ",$sRQ);
if (count($aTemp)==1) return FALSE;
$sConditions = $aTemp[1];
$aWords = explode(" ",$sConditions);
if(strcasecmp($aWords[0],'select')!=0) $aSep[] = ',';
$sSep = '('.implode('|',$aSep).')';
$aValues = preg_split($sSep,$sConditions,-1, PREG_SPLIT_NO_EMPTY);
// test the always true expressions
foreach($aValues as $i => $v)
{
// SQL injection like 1=1 or a=a or 'za'='za'
if (is_int(strpos($v,'=')))
{
$aTemp = explode('=',$v);
if (trim($aTemp[0])==trim($aTemp[1])) return $this->detect();
}
//SQL injection like 1<>2
if (is_int(strpos($v,'<>')))
{
$aTemp = explode('<>',$v);
if ((trim($aTemp[0])!=trim($aTemp[1]))&& ($this->_in_post('<>'))) return $this->detect();
}
}
if (strpos($sConditions,' null'))
{
if (preg_match("/null +is +null/",$sConditions)) return $this->detect();
if (preg_match("/is +not +null/",$sConditions,$matches))
{
foreach($matches as $i => $v)
{
if ($this->_in_post($v))return $this->detect();
}
}
}
if (preg_match("/[a-z0-9]+ +between +[a-z0-9]+ +and +[a-z0-9]+/",$sConditions,$matches))
{
$Temp = explode(' between ',$matches[0]);
$Evaluate = $Temp[0];
$Temp = explode(' and ',$Temp[1]);
if ((strcasecmp($Evaluate,$Temp[0])>0) && (strcasecmp($Evaluate,$Temp[1])<0) && $this->_in_post($matches[0])) return $this->detect();
}
return FALSE;
}
function _in_post($value)
{
foreach($_POST as $i => $v)
{
if (is_int(strpos(strtolower($v),$value))) return TRUE;
}
return FALSE;
}
function detect()
{
// log the attempt to sql inject?
if ($this->bLog)
{
$fp = @fopen($this->bLog,'a+');
if ($fp)
{
fputs($fp,"\r\n".date("d-m-Y H:i:s").' ['.$this->rq.'] from '.$this->sIp = getenv("REMOTE_ADDR"));
fclose($fp);
}
}
// destroy session?
if ($this->bdestroy_session) session_destroy();
// redirect?
if ($this->urlRedirect!=''){
if (!headers_sent()) header("location: $this->urlRedirect");
}
return TRUE;
}
function protect1($protected) { // This Will be the fuction we call to protect the variables.
$banlist = array ("'", "\"", "<", "\\", "|", "/", "=", "insert", "select", "update", "delete", "distinct", "having", "truncate", "replace", "handler", "like", "procedure", "limit", "order by", "group by", "asc", "desc");
//$banlist is the list of words you dont want to allow.
if ( eregi ( "[a-zA-Z0-9@]+", $protected ) ) { // Makes sure only legitimate Characters are used.
$protected = trim(str_replace($banlist, '', $protected)); // Takes out whitespace, and removes any banned words.
return $protected;
//echo "+";
} else {
//echo "-";
echo $protected;
die ( ' Is invalid for that spot, please try a different entry.' ); // Message if thier is any characters not in [a-zA-Z0-9].
} // ends the if ( eregi ( "[a-zA-Z0-9]+", $this->protected ) ) {
} // ends the function Protect() {
function protect2($protected) { // This Will be the fuction we call to protect the variables.
$banlist = array ("'", "\"", "<", "\\", "|", "/", "=", "insert", "select", "update", "delete", "distinct", "having", "truncate", "replace", "handler", "like", "procedure", "limit", "order by", "group by", "asc", "desc");
//$banlist is the list of words you dont want to allow.
if ( eregi ( "[0-9]+", $protected ) ) { // Makes sure only legitimate Characters are used.
$protected = trim(str_replace($banlist, '', $protected)); // Takes out whitespace, and removes any banned words.
return $protected;
//echo "+";
} else {
//echo "-";
echo $protected;
die ( ' Tidak valid untuk tempat itu, silakan coba entri yang berbeda.' ); // Message if thier is any characters not in [a-zA-Z0-9].
} // ends the if ( eregi ( "[a-zA-Z0-9]+", $this->protected ) ) {
} // ends the function Protect() {
}
?>Do you think users can still place the word "declare" in that script? and is this a good script?
RaGEZONE Sponsor
