Php Effective Anti Injection Script -> No symbol block

Page 3 of 4 FirstFirst 1234 LastLast
Results 31 to 45 of 52
  1. #31
    Proficient Member Weedlord is offline
    MemberRank
    Jan 2005 Join Date
    BelguimLocation
    193Posts

    Re: [Release] Php Effective Anti Injection Script -> No symbol block

    Does sombady already know where to put this file intro MuWeb 0.8 ? I dont have alot expierence intro Websites or any coding so please can sombady tell me where to put this intro MuWeb 0.8 ?

  2. #32
    Account Upgraded | Title Enabled! AdidasS is offline
    MemberRank
    Jun 2005 Join Date
    SumyLocation
    394Posts

    Re: [Release] Php Effective Anti Injection Script -> No symbol block

    Weedlord, try put it in includes/character.class.php, there are functions of add/manage accounts. But i think muweb 0.8 is already full secure from sql inject and u don't need use this script (i don't use muweb that is only my opinion).
    Sry for my eng.

  3. #33
    Account Upgraded | Title Enabled! AdidasS is offline
    MemberRank
    Jun 2005 Join Date
    SumyLocation
    394Posts

    Re: [Release] Php Effective Anti Injection Script -> No symbol block

    Savoy, do u release all script of xweb?

  4. #34
    Account Upgraded | Title Enabled! FCV2005 is offline
    MemberRank
    Mar 2007 Join Date
    RomaniaLocation
    1,080Posts

    Re: [Release] Php Effective Anti Injection Script -> No symbol block

    great man ...
    thx

    work 4 muweb ??

  5. #35
    Apprentice Alekiel is offline
    MemberRank
    Oct 2007 Join Date
    Around the worlLocation
    18Posts

    Re: [Release] Php Effective Anti Injection Script -> No symbol block

    Thanks so much, good job:flag_schw

  6. #36
    Account Upgraded | Title Enabled! kirka121 is offline
    MemberRank
    Jul 2007 Join Date
    CanadaLocation
    448Posts

    Re: [Release] Php Effective Anti Injection Script -> No symbol block

    in muweb 0.8 u put this script into /includes/muweb.php
    which makes the whole website become one blank page, which means that no, this script doesnt work with all websites -.-

  7. #37
    Account Upgraded | Title Enabled! RisingKing2010 is offline
    MemberRank
    Feb 2006 Join Date
    loc( 'RisingKing', 'USA' );Location
    1,362Posts

    Re: [Release] Php Effective Anti Injection Script -> No symbol block

    nice job... creative idea, apply a double single quote rather than removing it... seems simple enough and effective.

    for those ppl that dont know how to use this, just paste this at the top of your index.php you shouldnt have many problems... the script automatically filters all data...
    Quote Originally Posted by anhnga
    Wink Re: [Release] Php Effective Anti Injection Script -> No symbol block
    Quote:
    Originally Posted by themad View Post
    You really should do some reading....
    The addslashes() is not a function to use for such a thing. Simply said:
    $charname=addslashes("Fluffy'; drop table character"); // you should get Fluffy\'; drop table character; -- right ? try to execute it and see what happens..
    mssql_query("select Resets from character where Name='".$charname."'");

    \' doesn't cut it with mssql...you have to use two single quotes in order to avoid it . Str_replace("'","'',$var);

    The script i have brough simply filters ALL user inputed variables from browser to server and checks not to double filter ( i mean the ' to become '''''..etc.. ), effective and without having to check every single post/get var..

    If you are using an addslashes() function as a protection..better change it fast..
    Themad!
    Please help me, how to add your script to muweb 08???, what file need to add....???
    Thank!
    I actually don't recommend using muweb 0.8 unless you redo all of the scripts, I have seen a lot of very effective scripts applied, including some of my own, get haxed on MW 0.8 :/

  8. #38
    Account Upgraded | Title Enabled! kirka121 is offline
    MemberRank
    Jul 2007 Join Date
    CanadaLocation
    448Posts

    Re: [Release] Php Effective Anti Injection Script -> No symbol block

    myea, i used to like muweb cause its so editable and simple. but now its plain garbage. unless someone comes up with the full and real fix to all the holes.
    btw, i dont think this would work if u put in index.php, index.php is not the file whcih connects to mssql, if you put this in a file which actually has the connection scripts in it, page goes puff - blank.

  9. #39
    Member sexy4life is offline
    MemberRank
    Jan 2008 Join Date
    67Posts

    Re: [Release] Php Effective Anti Injection Script -> No symbol block

    Well this looks like it will work only way to find out is to use it.

    I am using it and ill let you know if any intrusions occur while using it .

    Thanks themad good release 9/10 :winky:

  10. #40
    Account Upgraded | Title Enabled! RisingKing2010 is offline
    MemberRank
    Feb 2006 Join Date
    loc( 'RisingKing', 'USA' );Location
    1,362Posts

    Re: [Release] Php Effective Anti Injection Script -> No symbol block

    Quote Originally Posted by kirka121 View Post
    myea, i used to like muweb cause its so editable and simple. but now its plain garbage. unless someone comes up with the full and real fix to all the holes.
    btw, i dont think this would work if u put in index.php, index.php is not the file whcih connects to mssql, if you put this in a file which actually has the connection scripts in it, page goes puff - blank.
    if you put it b4 the include "config.php"; or etc it clears all client controlled data before any scripts use that data... so its like:
    open index.php
    run the script //which fixed the data
    connect to server //by including your connection file
    call fixed data //like $account = $_POST['account'];
    execute query with fixed data //you shouldn't need more protection than that... unless you want to be precaution ;)

    basically it has to be executed before your sql scripts are executed, in theory, it should work just by putting it at the top of the index.php because the index.php is where the site comes together, if you want to feel more secure you could put it be for the area where you connect to the server, but it should work the same if you put it at the top of the index
    Last edited by RisingKing2010; 30-08-08 at 03:22 PM.

  11. #41
    Account Upgraded | Title Enabled! kirka121 is offline
    MemberRank
    Jul 2007 Join Date
    CanadaLocation
    448Posts

    Re: [Release] Php Effective Anti Injection Script -> No symbol block

    hmm, okai, i l see if this works on the ultrahackable muweb 0.8 ;D

  12. #42
    Proficient Member Team_NOVA is offline
    MemberRank
    Oct 2006 Join Date
    ?>Hm.. Oh yeah Earth<?Location
    165Posts

    Re: [Release] Php Effective Anti Injection Script -> No symbol block

    lolz gj 10/10
    ;]

  13. #43
    Alpha Member iBimbo is offline
    MemberRank
    Oct 2007 Join Date
    Section 192Location
    2,423Posts

    Re: [Release] Php Effective Anti Injection Script -> No symbol block

    I will allow this bump cus its useful.

    If you do it again Kirka you'll be infracted.

  14. #44
    Account Upgraded | Title Enabled! kirka121 is offline
    MemberRank
    Jul 2007 Join Date
    CanadaLocation
    448Posts

    Re: [Release] Php Effective Anti Injection Script -> No symbol block

    um.. why exactly? because i replied to a 1year old topic? whats wrong with that?

  15. #45
    Alpha Member christoper is offline
    MemberRank
    Aug 2007 Join Date
    PhP DecoderLocation
    1,560Posts

    Re: [Release] Php Effective Anti Injection Script -> No symbol block

    thanks for the release !!!



Page 3 of 4 FirstFirst 1234 LastLast

Advertisement