sql injection - PHP magic_quotes_gpc vulnerability -

-

I have been assigned one of my company's legacy webpage, and after a day or two around the source, I have found a SQL injection vector similar to the following: 

  mysql_query ("SELECT * FROM WHERE bar = '". $ _GET [' baz ']. "'"); I have tried to do a SQL injection test against it, but it fails because of the PHP  magic_quotes_gpc  module being turned on. 
 
 I know  magic_quotes_gpc  is  dirty , but we have hundreds - if not thousands - the lines of the same code above the code Can not afford to close  magic_quotes_gpc , because this code will open like an attack to attack. 
 
 I want to know that the code above is 'Shōogi', and should we immediately fix it or should work to fix it with our other defactor functions.

magic_quotes_gpc is the common way to add wrapper function to sites: 

  function m ($ s) {if (get_magic_quotes_gpc ()) $ S = strip slash ($ s); Return mysql_real_escape_string ($ s); } Mysql_query ("SELECT * FROM Foo WHERE bar = '" ($ _ GET [' Falcon ']). "'");

This will fix the problem of not being character-defined-aware addslashes which in some cases may make it vulnerable, and will usually continue the code before To 'work' as to.

However, depending on input-avoidance, it is unbearable in long term, because it will multiply the slip in the input string, you are not entering the database, then it is the real reason to put it in the database from other sources again Magic_quotes_gpc is the wrong thing: it is implementing output-stage encoding on the input stage.

Add the wrapper function and then gradually go through all the updates. To use it, you can turn off the magic quotes when you find them in SQL Interpolations.


Comments

Post a Comment

Popular posts from this blog

oracle - The fastest way to check if some records in a database table? -

-
I have a big table to work with. I have to see that there are some records whose parent_id is equal to my passing value. Currently I do this by implementing "my_table using select count (*) where parent_id =: id"; If the result> 0, it means that they exist. Because this is a very large table, and I do not care what the actual number of records present, I just want to know if it exists, so I think count (*) Bit is disabled. How do I apply this requirement most quickly? I'm using Oracle 10. # Tips for Hibernation & amp; Tricks It suggests writing in such a way: Integer number = (integer) session .createQuery ("Select Count (*) to ...."). UniqueResult (); I do not know what is the magic of the unique rule? Why does it fast? To compare, select "1 from mytable where parent_id = passId and rowrum", which is more efficient? If you are not interested in the number of records, then there is an EXISTS query one: Select 'y'
Read more

php - multilevel menu with multilevel array -

-
Just ask someone to solve this problem? I want to create a multilevel menu I can not find the right solution generated with multilevel array, it always gets an array_push error My study came from the original idea But still my Can not match the need. This is my MySQL [code] ----- --------------------- --------------- | ID | PARENT_ID | Name | Link | Seq | 1 | 0 | Dashboad | Dashboard / | 1 | 2 | 0 | Menu 1 | Menu 1 / | 2 | 3 | 0 | Menu 2 | Menu 2 / | 3 | 4 | 0 | Menu 3 | Menu 3 / | 4 | 5 | 2 | Joint Add / | 1 | 6 | 3 | Joint Add / | 1 | 7 | 2 | Edit | Edit / | 2 | 8 | 4 | Joint Add / | 1 ------------------------------------------ [/ Code] I want to do something like this in my array array ('dashboard' = & gt; array ('id' = & gt; '' 'Dame' = & gt; 'Dashboard', 'Title' = & gt; 'Dashboard', 'MatchMin' = & gt; Base_URL (). 'Dashboard /', 'Active' => = & Gt; NULL), &
Read more

jQuery UI: Datepicker month format -

-
I am trying to change the format of the month that shows in the popup (not in the date that the picker actually I do not have any choice anywhere to do this, do I like to use a sub-string () or something else? What I normally display is Trying to change: Class = "ui-datepicker-title"> January & lt; / span & gt; ... & lt; / div & gt; Div>
Read more