Sql Injections - What are they, and how to prevent them?


Uentil
SQL (Structured Query Language) is a programming language for a database that can store info on a website... I'm not all that good with scripts and stuff, but I thought this would be a fun topic... SQL, pronounced "sequel", uses a language to store information such as forums, shoutboxes, chat, blogs, and more... So when I am done making this, it will all be stored for you guys to view... Like I said, it is a programming language, so it has its own coding... The biggest problems with security these days are SQL injections... A SQL injection is done with anything that submits data such as a login and password box, a shoutbox, etc.... One of the first injections looked like this...

CODE
'  OR 1=1--


I don't know what the "OR" is but I do know what the "1" is...

1=Correct...
0=Incorrect...
X=Anything...

don't ask what the "=" is because I don't know...


But anyways... People would type that in as a username and password... I don't know how, but it tells the server that you have entered a correct password (That's what the "1" does), letting you log in without a real username and password...

People nowadays use big complex injections like

CODE
INSERT INTO 'admin_login' ('login_id', 'login_name', 'password', 'details') VALUES (666,'neo2','newpas5','NA')--


But I don't know anything about those.... I am just telling you what I know and trying to give you an idea of what it is


Note: I can guarantee this exploit does not work anymore... like I said, it's one of the first exploits...




Sorry if this is confusing or I didn't explain right...

You can find out more about SQL here...

http://www.sqlcourse.com/


eirikureiriksson
Adding my five cents to what already has been said…

1. Do not build SQL strings directly from user input, “select id from user where username = (input) and password = (input)”. The simplest way would be stripping the input of any comment marks, line-ending marks and quote/string marks and placing the input inside string quotes, “select id from user where username = ‘(input)’ and password = ‘(input)’”.

2. Validate all input and limit it to the right data type, character set, length and values.

3. Remove all unnecessary permissions from all database users.

4. Use account lock-out for repeated failed log-ins.

5. Use views containing just the necessary fields for each query, do not select directly from the tables.

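Added example (not from any post in this thread): it shows what the `' OR 1=1--` input from the first post does to the login query from point 1 above when the input is pasted into the SQL text, and that the same input is harmless once the query uses placeholders so the input never becomes part of the SQL. It also shows the character-set and length check from point 2. The in-memory SQLite table, the two accounts and the username policy are all constructed for the demonstration.

```python
import re
import sqlite3

# Constructed sample data: an in-memory SQLite table standing in for a site's
# user table. The usernames and passwords are made up for this demonstration
# (and stored in the clear only to keep the example short).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO user (username, password) VALUES (?, ?)",
        [("admin", "s3cret"), ("alice", "hunter2")],
    )
    conn.commit()
    return conn


def show_query(username, password):
    """Return the SQL text that login_unsafe() would run, so the effect of the
    input from the first post on the query's structure is visible."""
    return "SELECT id FROM user WHERE username = '%s' AND password = '%s'" % (
        username,
        password,
    )


def login_unsafe(conn, username, password):
    """The query from point 1 above, built by pasting the input into the SQL.
    Returns the id of the matched user, or None."""
    row = conn.execute(show_query(username, password)).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """The same query with placeholders. The driver receives the SQL text and
    the values separately, so a quote or comment mark in the input is compared
    as data and never changes the query's structure."""
    sql = "SELECT id FROM user WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Point 2 above: restrict the username to a known character set and length
# before it gets anywhere near the database. (Assumed policy, not the site's.)
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")


def valid_username(username):
    return bool(USERNAME_RE.match(username))


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1--"  # the input quoted in the first post
    print(show_query(payload, "x"))
    print("unsafe:", login_unsafe(db, payload, "x"))  # 1: logged in as the first user
    print("safe:  ", login_safe(db, payload, "x"))    # None: no such user
    print("valid name?", valid_username(payload))     # False
```

With the string-built query the `--` turns the rest of the statement into a comment and `OR 1=1` makes the condition true for every row, so the first user in the table is returned; with placeholders the same text is just an unknown username.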

keri-j
Ahhh, the fun of logging in to stupid fansites using things like "hi' or 1=1--"

For the previous person who didn't know why it was "1=1": 1=positive, yes. It's 1=1 because it's saying that the input is the same as the password/username or other field.

It's a shame you can't write tutorials on this kinda thing here in trap17, you can on totse.com


daler
The following code is blatantly stolen borrowed from http://www.php.net/manual/en/function.mysq...cape-string.php
CODE
<?php
// Connect
$link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')
   OR die(mysql_error());

// Query
$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
           mysql_real_escape_string($user),
           mysql_real_escape_string($password));
?>


On a site a few years back for my Boy Scout troop, I used mysql_real_escape_string on everything the user potentially had access to, including every SQL query which included either the username or password. In fact, I might have used it on some things that really didn't need it, but then again I think a few extra CPU cycles for the sake of security on a low-traffic site won't hurt much.


QuickSilva
Oh thank you. I also didn't really know how to fix these security issues and now you have lightened the scene. Why do people actually want to wreck people's websites which they have taken a long time to make?

This is a code which I just thought up from looking at the other posts. Just put this at the top of a page, or better, if you have something like a template system, or include a page on each page, just put it in there:
CODE
// strip_tags() and stripslashes() take a single string, not the whole $_POST
// array, so apply them to each field in turn (non-string fields are left alone).
$_POST = array_map(function ($v) {
    return is_string($v) ? stripslashes(strip_tags($v)) : $v;
}, $_POST);


Have a great day!

-Tom


rsf
Always use addslashes() on usernames to prevent SQL injections even if your code doesn't allow them, because you never know when you'll accidentally type error-prone code and not realize it.

Also, don't allow users to use their scripts on your site. I don't know why you would do this, but this is something you should definitely NOT do.

<?
include($_GET['url']);
?>

If you do something like that, anyone can include their site into your URL and run scripts that query your database for passwords, steal your scripts, whatever.

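Added example (not from the post above or any project): the defensive counterpart to `include($_GET['url'])`. Instead of handing a request parameter to include, the parameter is treated as a short page name that must pass a character-set check, must appear in a fixed allowlist of pages, and must still resolve to a file under the pages directory after `..` and symlink resolution. The allowlist, the page names and the `/var/www/site/pages` directory are constructed placeholders; the same pattern applies to any parameter that selects a file.

```python
import os
import re

# Constructed allowlist: the only page names a request may ask for, and the
# file each one maps to. Anything not listed here is refused outright.
ALLOWED_PAGES = {
    "home": "home.php",
    "about": "about.php",
    "contact": "contact.php",
}

# Placeholder directory for the demonstration, not a real deployment path.
PAGES_DIR = "/var/www/site/pages"

# A page name is a short token: no slashes, no dots, no URL scheme possible.
NAME_RE = re.compile(r"^[a-z0-9_-]{1,32}$")


def resolve_include(page_param, base_dir=PAGES_DIR):
    """Turn the value of a request parameter such as ?page=... into the one
    file path the application is allowed to include, or None to refuse.

    Three checks, in order: the value must look like a simple page name, it
    must be in the allowlist, and the final path must still sit under base_dir
    once realpath() has resolved any '..' components and symlinks.
    """
    if not isinstance(page_param, str) or not NAME_RE.match(page_param):
        return None
    filename = ALLOWED_PAGES.get(page_param)
    if filename is None:
        return None
    base = os.path.realpath(base_dir)
    path = os.path.realpath(os.path.join(base, filename))
    # Defence in depth: even a bad allowlist entry cannot escape the directory.
    if os.path.commonpath([base, path]) != base:
        return None
    return path


if __name__ == "__main__":
    for value in ["home", "http://evil.example/shell.txt", "../../../etc/passwd", "admin"]:
        print(repr(value), "->", resolve_include(value))
```

Only `home` resolves; the remote URL and the traversal string fail the name check, and `admin` fails the allowlist even though it is a well-formed name.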
