EvilZone
Programming and Scripting => Web Oriented Coding => : fr0g December 01, 2011, 02:49:24 PM
-
French :
Just a project (modelled on the Exploit-DB site) meant to catalogue all the resources shared by the n-pn collective, hwc-crew & co: tutorials, source code, tools, etc.
That's about it, I don't think there is much more to say. I'll polish it and find a stable host to publish it, then add the db.hwc-crew.com subdomain to it.
Demo version for the project launch here => http://www.hwc.kegtux.org/index.php
English :
This script lists the source code and papers stored in a database. The website is still under development, as you can see here: http://hwc.kegtux.org/
MySQL table: "listfile"
Fields:
- id
- title
- author
- category
- date
- content
<?php
/**
 *
 * File Lister for repository
 *
 * Author : fr0g
 *
 * Thanks : hwc-crew, n-pn.info
 */
/**
 * Constants & configuration variables (to be adjusted by whoever deploys the script)
 **/
$types = array('papers', 'exploits', 'webcoding', 'tools', 'apps'); // list of sections
$count = count($types);                                              // length of the array
//-----------------------------------------------------------------------------------------------------
/**
 * Attempt to connect to the database
 **/
try {
    $pdo_options = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
    // database name, user and password are left blank and must be filled in on deployment
    $bdd = new PDO('mysql:host=localhost;dbname=', '', '', $pdo_options);
}
catch (Exception $e) {
    die('Erreur : ' . $e->getMessage());
}
//-----------------------------------------------------------------------------------------------------
/**
 * Parse the request
 **/
if (isset($_GET['cat']) && ! isset($_GET['id'])) {
    // the category is only compared against the fixed $types list, so only a
    // whitelisted value ever reaches the query below
    for ($i = 0; $i < $count; $i++) {
        if ($_GET['cat'] == $types[$i]) {
            $query = "SELECT * FROM listfile WHERE category='$types[$i]'";
            $content = $bdd->query($query);
?>
<table class="table" id="TheList" cellspacing="0" cellpadding="0">
    <tr class="rowtitle">
        <td class="col1 cell">Date</td>
        <td class="col2 cell">Title</td>
        <td class="col3 cell">Author</td>
        <td class="col4 cell">ID</td>
    </tr>
<?php
            // fields are echoed exactly as stored; nothing is HTML-escaped here
            while ($donnees = $content->fetch()) {
?>
    <tr class="row">
        <td class="col1 cell"><?php echo $donnees['date']; ?></td>
        <td class="col2 cell"><a href="index.php?id=<?php echo $donnees['id']; ?>"><?php echo $donnees['title']; ?></a></td>
        <td class="col3 cell"><?php echo $donnees['author']; ?></td>
        <td class="col4 cell"><?php echo $donnees['id']; ?></td>
    </tr>
<?php
            }
?>
</table>
<?php
        }
    }
}
else if (isset($_GET['id']) && ! isset($_GET['cat'])) {
    // is_numeric() keeps quote characters and SQL keywords out of $id; the value is
    // still interpolated into the query as a quoted string rather than bound as an integer
    if (is_numeric($_GET['id'])) {
        $id = $_GET['id'];
        $query = "SELECT * FROM listfile WHERE id='$id'";
        $content = $bdd->query($query);
        while ($donnees = $content->fetch()) {
?>
<h1><?php echo $donnees['title']; ?></h1>
<br><br>
<h3># Author : <?php echo $donnees['author']; ?></h3><br>
<h3># Date : <?php echo $donnees['date']; ?></h3><br>
<br>
<?php
            echo $donnees['content']; // the stored content is printed as-is
        }
        $content->closeCursor();
    }
    else {
?>
<script>
alert("ERROR : \n Numero de ressource invalide");
location.href="index.php";
</script>
<?php   // runs when $_GET['id'] is not a number or when it is <= $num_rows
    }
}
else {
    $query = "SELECT * FROM listfile ORDER BY date DESC";
    $content = $bdd->query($query);
?>
<table class="table" id="TheList" cellspacing="0" cellpadding="0">
    <tr class="rowtitle">
        <td class="col1 cell">Date</td>
        <td class="col2 cell">Title</td>
        <td class="col3 cell">Author</td>
        <td class="col4 cell">ID</td>
    </tr>
<?php
    while ($donnees = $content->fetch()) {
?>
    <tr class="row">
        <td class="col1 cell"><?php echo $donnees['date']; ?></td>
        <td class="col2 cell"><a href="index.php?id=<?php echo $donnees['id']; ?>"><?php echo $donnees['title']; ?></a></td>
        <td class="col3 cell"><?php echo $donnees['author']; ?></td>
        <td class="col4 cell"><?php echo $donnees['id']; ?></td>
    </tr>
<?php
    }
}
?>
-
Vote 4 remove.
-
> Vote 4 remove.
Why?
-
Fr0g, your (or someone else's) code is not secure, and not written in a proper way.
$id = $_GET['id'];
$query = "SELECT * FROM listfile WHERE id='$id'";
This is the part where you get an SQL injection, and if the errors are not shown you will get a blind SQL injection.
If this is yours or you are trying to write in PHP, please learn in the PROPER way.
These days:
Try to secure human input (XSS, XSRF, and invalid input like sadfsadfasdf as an email)
Try to escape EVERYTHING but fixed integers that go into the database (mysql_real_escape_string() or the mysqli version)
Try to write in OOP as much as possible; this will save time later on and will be more professional
-
<?php
if (is_numeric($_GET['id'])) { // only if $_GET['id'] is a number
    $id = $_GET['id'];
    ...
    ....
}
else { // if $_GET['id'] isn't a number
?>
<script> alert("ERROR : \n Numero de ressource invalide");
location.href="index.php"; </script>
<?php
} ?>
You can try it here:
http://hwc.kegtux.org/index.php?id='
-
The point is, get used to escaping: just escape it, even if it's an integer only and it's not vulnerable, just escape it :)
-
> The point is, get used to escaping: just escape it, even if it's an integer only and it's not vulnerable, just escape it :)
No. Simply mysql_real_escaping everything you use in a SQL statement is bad style. If this is an integer, and he checks whether it is numeric, and doesn't process it otherwise, this is perfectly fine.
Unless your code gets so dirty that you can't find the check anymore.
But if you are already using integers, and checking them with is_numeric, then don't quote them in the query. Ever heard that quotes are for strings?
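As an added example (not fr0g's script nor any poster's code), here is the thread's id lookup and category listing reworked the way the replies suggest: the id is validated as a true integer and bound as PDO::PARAM_INT, the category is checked against the fixed list before a prepared statement runs, and title/author are escaped on output. It runs against an in-memory SQLite copy of the "listfile" table with constructed rows, so the DSN and data are assumptions standing in for the MySQL database.

```php
<?php
// Added example, not code from the original post: prepared-statement version of the
// id lookup and category listing, run against a constructed in-memory SQLite table.
declare(strict_types=1);

const TYPES = ['papers', 'exploits', 'webcoding', 'tools', 'apps'];

// Escape everything that lands in HTML text or attributes (title, author, ...).
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Accept only a positive integer. is_numeric() also admits " 7", "1e3" and "7.0",
// which the database would have to coerce; FILTER_VALIDATE_INT rejects them.
function fetchResource(PDO $pdo, string $rawId): ?array {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;                                   // no query is built at all
    }
    $stmt = $pdo->prepare('SELECT id, title, author, date, content FROM listfile WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);      // bound as an integer, never interpolated
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The category must be one of the fixed sections; anything else yields no rows.
function listCategory(PDO $pdo, string $cat): array {
    if (!in_array($cat, TYPES, true)) {
        return [];
    }
    $stmt = $pdo->prepare('SELECT id, title, author, date FROM listfile WHERE category = :cat ORDER BY date DESC');
    $stmt->execute([':cat' => $cat]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data standing in for the MySQL "listfile" table.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE listfile (id INTEGER PRIMARY KEY, title TEXT, author TEXT, category TEXT, date TEXT, content TEXT)');
$ins = $pdo->prepare('INSERT INTO listfile (title, author, category, date, content) VALUES (?, ?, ?, ?, ?)');
$ins->execute(['PDO basics', 'fr0g', 'webcoding', '2011-12-01', '<p>paper body</p>']);
$ins->execute(['<b>bold</b> title', 'someone', 'tools', '2011-11-30', 'tool notes']);

var_dump(fetchResource($pdo, "'") === null);                // the thread's test input: rejected before any SQL
var_dump(fetchResource($pdo, '1')['author'] === 'fr0g');
foreach (listCategory($pdo, 'tools') as $row) {
    echo '<td class="col2 cell">' . h($row['title']) . '</td>', PHP_EOL;  // stored markup is neutralised
}
```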
-
No, this is bullshit. You don't apply htmlentities on numbers either when outputting.
You need to code clean, and keep track of such stuff, instead of brute force escaping everything. That is not professional.
-
Didn't read 100%, drunk, but I say PublicEnemy/OP is beyond correct.
mysql_real_escape_string (what a fucking name for a function) doesn't apply to PDO (PDO::prepare). Any HTML should be escaped; pre-escaping is a bad idea IMFO
> F stands for faggot btw.
> Try to write in OOP as much as possible, this will save time later on, and will be more professional
You've been brainwashed, yo.