Comments for: besserer20050819
Message # 1029833:
Date: 08/23/05 17:22
By: Ivo Jansch
Subject: Watch out, unsafe code here

You've created an SQL injection vulnerability in this example. Note that you *ALWAYS* have to escape and verify user input before using it in a query. Take this for example:

    $query = "DELETE FROM blog_entries WHERE blog_id={$_POST['id']} LIMIT 1";

You're not performing any checks on the id, so a malicious user may post "24 OR 1=1" here. This means the query will be:

    DELETE FROM blog_entries WHERE blog_id=24 OR 1=1;

Now, if blog_id 24 doesn't exist, this statement will still be true for any record in the database. You limit the query to one record, but this is just temporary damage control. It would be just a matter of reposting this 100 times, and you would have the first 100 blog entries deleted.

Now of course, if the code is unknown, and there are privileges that one needs to delete something in the first place, the risk is small, but still, in a tutorial it might be a good idea to educate the readers about such security issues, as in other cases, the approach might be more harmful.
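The attack described in the comment above, worked through as an added example; this is not code from the tutorial or from the commenter. The tutorial's code is PHP, but the example is written in Python against an in-memory SQLite database so it runs stand-alone. The table, column names and the 150 sample rows are constructed for the example. Python's bundled SQLite does not support DELETE ... LIMIT, so the "delete one row" intent is expressed with a LIMIT 1 subquery; the injected "OR 1=1" behaves exactly as described: each request deletes one row whether or not the posted id exists, and the safe version rejects the payload before it reaches the database.

```python
import re
import sqlite3


def fresh_db():
    """Constructed sample data: 150 blog entries with blog_id 1..150."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE blog_entries (blog_id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO blog_entries VALUES (?, ?)",
        [(i, f"entry {i}") for i in range(1, 151)],
    )
    conn.commit()
    return conn


def delete_vulnerable(conn, posted_id):
    """Mirrors the tutorial's pattern: the POSTed value is pasted into the SQL text.

    Bundled SQLite lacks DELETE ... LIMIT, so the one-row limit lives in a
    subquery. With posted_id = "9999 OR 1=1" the inner WHERE clause becomes
    'blog_id=9999 OR 1=1 LIMIT 1', which matches every row and hands one of
    them to DELETE on every call.
    """
    query = (
        "DELETE FROM blog_entries WHERE rowid IN "
        f"(SELECT rowid FROM blog_entries WHERE blog_id={posted_id} LIMIT 1)"
    )
    conn.execute(query)
    conn.commit()
    return query


def delete_safe(conn, posted_id):
    """Verify, then bind: the value can never be interpreted as SQL.

    Verification is stricter than int(): only a plain positive decimal
    integer passes, so '24 OR 1=1', '24.0', '' and '0x18' are all rejected.
    The bound parameter (?) is sent as a value, not spliced into the query.
    """
    if not isinstance(posted_id, str) or not re.fullmatch(r"[1-9][0-9]*", posted_id):
        raise ValueError(f"invalid blog id: {posted_id!r}")
    blog_id = int(posted_id)
    conn.execute("DELETE FROM blog_entries WHERE blog_id = ?", (blog_id,))
    conn.commit()
    return blog_id


def count_entries(conn):
    return conn.execute("SELECT COUNT(*) FROM blog_entries").fetchone()[0]


def replay_attack(conn, payload, times):
    """Re-post the same payload `times` times; returns rows deleted in total."""
    before = count_entries(conn)
    for _ in range(times):
        delete_vulnerable(conn, payload)
    return before - count_entries(conn)


if __name__ == "__main__":
    conn = fresh_db()
    print(delete_vulnerable(conn, "24"), "->", count_entries(conn), "rows left")
    # id 9999 does not exist, yet 100 replays still remove 100 rows
    print("vulnerable:", replay_attack(conn, "9999 OR 1=1", 100), "rows deleted")

    conn = fresh_db()
    delete_safe(conn, "24")
    try:
        delete_safe(conn, "9999 OR 1=1")
    except ValueError as err:
        print("safe:", err, "->", count_entries(conn), "rows left")
```

The two defences are independent and both belong in the handler: the allow-list check stops garbage before it costs a round trip, and the bound parameter protects the query even if a future edit weakens the check. The same split applies to the PHP in the tutorial (an integer check followed by a prepared statement with a bound parameter), which is what "escape and verify" in the comment amounts to in practice.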
Comments:
- Correction | Dave | 12/17/08 21:06
- please help me | imran | 11/04/05 06:04
- Watch out, unsafe code here | Ivo Jansch | 08/23/05 17:22