Most visitors online was 12542 , on 28 Apr 2024
Php Effective Anti Injection Script -> No symbol block
- Thread starter themad
- Start date
Newbie Spellweaver
- Joined
- Oct 12, 2005
- Messages
- 10
- Reaction score
- 0
Re: [Release] Php Effective Anti Injection Script -> No symbol block
When need this SQL anti injection? All problems in ' - quotes and ; - symbol...
Use:
When need this SQL anti injection? All problems in ' - quotes and ; - symbol...
Use:
- Joined
- Dec 27, 2004
- Messages
- 108
- Reaction score
- 16
Re: [Release] Php Effective Anti Injection Script -> No symbol block
You really should do some reading....
The addslashes() is not a function to use for such a thing. Simply said:
$charname=addslashes("Fluffy'; drop table character"); // you should get Fluffy\'; drop table character; -- right ? try to execute it and see what happens..
mssql_query("select Resets from character where Name='".$charname."'");
\' doesn't cut it with mssql...you have to use two single quotes in order to avoid it . Str_replace("'","'',$var);
The script i have brough simply filters ALL user inputed variables from browser to server and checks not to double filter ( i mean the ' to become '''''..etc.. ), effective and without having to check every single post/get var..
If you are using an addslashes() function as a protection..better change it fast..
You really should do some reading....
The addslashes() is not a function to use for such a thing. Simply said:
$charname=addslashes("Fluffy'; drop table character"); // you should get Fluffy\'; drop table character; -- right ? try to execute it and see what happens..
mssql_query("select Resets from character where Name='".$charname."'");
\' doesn't cut it with mssql...you have to use two single quotes in order to avoid it . Str_replace("'","'',$var);
The script i have brough simply filters ALL user inputed variables from browser to server and checks not to double filter ( i mean the ' to become '''''..etc.. ), effective and without having to check every single post/get var..
If you are using an addslashes() function as a protection..better change it fast..
Re: [Release] Php Effective Anti Injection Script -> No symbol block
Please help me, how to add your script to muweb 08???, what file need to add....???
Thank!
Themad!
Please help me, how to add your script to muweb 08???, what file need to add....???
Thank!
- Joined
- Dec 27, 2004
- Messages
- 108
- Reaction score
- 16
Re: [Release] Php Effective Anti Injection Script -> No symbol block
I have not downloaded muweb like..ever...i don't know how its build...can't help you
Newbie Spellweaver
- Joined
- Oct 9, 2004
- Messages
- 30
- Reaction score
- 0
Re: [Release] Php Effective Anti Injection Script -> No symbol block
It is a nice script but it won't put an end to malicious attack. In MUweb ppl still could get their board hacked by remote inclusion, in a web of czf there's xss ... But the script does good enough to stop sql injection. wat i fear is blind sql injection -.-
It is a nice script but it won't put an end to malicious attack. In MUweb ppl still could get their board hacked by remote inclusion, in a web of czf there's xss ... But the script does good enough to stop sql injection. wat i fear is blind sql injection -.-
Newbie Spellweaver
- Joined
- Feb 27, 2007
- Messages
- 50
- Reaction score
- 0
Re: [Release] Php Effective Anti Injection Script -> No symbol block
bug good man thx !!!
bug good man thx !!!
Re: [Release] Php Effective Anti Injection Script -> No symbol block
Does sombady already know where to put this file intro MuWeb 0.8 ? I dont have alot expierence intro Websites or any coding so please can sombady tell me where to put this intro MuWeb 0.8 ?
Does sombady already know where to put this file intro MuWeb 0.8 ? I dont have alot expierence intro Websites or any coding so please can sombady tell me where to put this intro MuWeb 0.8 ?
Junior Spellweaver
- Joined
- Jun 5, 2005
- Messages
- 110
- Reaction score
- 1
Re: [Release] Php Effective Anti Injection Script -> No symbol block
Weedlord, try put it in includes/character.class.php, there are functions of add/manage accounts. But i think muweb 0.8 is already full secure from sql inject and u don't need use this script (i don't use muweb that is only my opinion).
Sry for my eng.
Weedlord, try put it in includes/character.class.php, there are functions of add/manage accounts. But i think muweb 0.8 is already full secure from sql inject and u don't need use this script (i don't use muweb that is only my opinion).
Sry for my eng.
Junior Spellweaver
- Joined
- Jun 5, 2005
- Messages
- 110
- Reaction score
- 1
Re: [Release] Php Effective Anti Injection Script -> No symbol block
Savoy, do u release all script of xweb?
Savoy, do u release all script of xweb?
- Joined
- Mar 17, 2007
- Messages
- 737
- Reaction score
- 266
Re: [Release] Php Effective Anti Injection Script -> No symbol block
great man ...
thx
work 4 muweb ??
great man ...
thx
work 4 muweb ??
Newbie Spellweaver
- Joined
- Oct 2, 2007
- Messages
- 11
- Reaction score
- 0
Re: [Release] Php Effective Anti Injection Script -> No symbol block
Thanks so much, good job:flag_schw
Thanks so much, good job:flag_schw
Experienced Elementalist
- Joined
- Jul 3, 2007
- Messages
- 200
- Reaction score
- 3
Re: [Release] Php Effective Anti Injection Script -> No symbol block
in muweb 0.8 u put this script into /includes/muweb.php
which makes the whole website become one blank page, which means that no, this script doesnt work with all websites -.-
in muweb 0.8 u put this script into /includes/muweb.php
which makes the whole website become one blank page, which means that no, this script doesnt work with all websites -.-
- Joined
- Feb 11, 2006
- Messages
- 219
- Reaction score
- 1
Re: [Release] Php Effective Anti Injection Script -> No symbol block
nice job... creative idea, apply a double single quote rather than removing it... seems simple enough and effective.
for those ppl that dont know how to use this, just paste this at the top of your index.php you shouldnt have many problems... the script automatically filters all data...
nice job... creative idea, apply a double single quote rather than removing it... seems simple enough and effective.
for those ppl that dont know how to use this, just paste this at the top of your index.php you shouldnt have many problems... the script automatically filters all data...
I actually don't recommend using muweb 0.8 unless you redo all of the scripts, I have seen a lot of very effective scripts applied, including some of my own, get haxed on MW 0.8 :/anhnga said:
Experienced Elementalist
- Joined
- Jul 3, 2007
- Messages
- 200
- Reaction score
- 3
Re: [Release] Php Effective Anti Injection Script -> No symbol block
myea, i used to like muweb cause its so editable and simple. but now its plain garbage. unless someone comes up with the full and real fix to all the holes.
btw, i dont think this would work if u put in index.php, index.php is not the file whcih connects to mssql, if you put this in a file which actually has the connection scripts in it, page goes puff - blank.
myea, i used to like muweb cause its so editable and simple. but now its plain garbage. unless someone comes up with the full and real fix to all the holes.
btw, i dont think this would work if u put in index.php, index.php is not the file whcih connects to mssql, if you put this in a file which actually has the connection scripts in it, page goes puff - blank.
Newbie Spellweaver
- Joined
- Jan 17, 2008
- Messages
- 20
- Reaction score
- 0
Re: [Release] Php Effective Anti Injection Script -> No symbol block
Well this looks like it will work only way to find out is to use it.
I am using it and ill let you know if any intrusions occur while using it .
Thanks themad good release 9/10 :winky:
Well this looks like it will work only way to find out is to use it.
I am using it and ill let you know if any intrusions occur while using it .
Thanks themad good release 9/10 :winky:
- Joined
- Feb 11, 2006
- Messages
- 219
- Reaction score
- 1
Re: [Release] Php Effective Anti Injection Script -> No symbol block
open index.php
run the script //which fixed the data
connect to server //by including your connection file
call fixed data //like $account = $_POST['account'];
execute query with fixed data //you shouldn't need more protection than that... unless you want to be precaution
basically it has to be executed before your sql scripts are executed, in theory, it should work just by putting it at the top of the index.php because the index.php is where the site comes together, if you want to feel more secure you could put it be for the area where you connect to the server, but it should work the same if you put it at the top of the index
if you put it b4 the include "config.php"; or etc it clears all client controlled data before any scripts use that data... so its like:
open index.php
run the script //which fixed the data
connect to server //by including your connection file
call fixed data //like $account = $_POST['account'];
execute query with fixed data //you shouldn't need more protection than that... unless you want to be precaution
basically it has to be executed before your sql scripts are executed, in theory, it should work just by putting it at the top of the index.php because the index.php is where the site comes together, if you want to feel more secure you could put it be for the area where you connect to the server, but it should work the same if you put it at the top of the index
Last edited:
Similar threads
RaGEZONE Sponsor
