| Author |
Message |
Darrell3831
Worker
Joined: Feb 18, 2004
Posts: 244
|
 Posted:
Fri Feb 20, 2004 10:00 pm |
 
|
I saw in someone elses code that they were reading a value from a database and immediately screening/validating it's value with intval().
| Code: | | $varname=intval($varname); |
At first I thought nothing of it, but later while looking in the actual database the person was using I saw that the field was an intiger.
Is it necessary to see if the value read is an intiger when the only thing the field holds is an intiger?
I had assumed that you could not stick values that werent intigers into intiger fields...
Or perhaps this is some sort of back door insertion that he's trying to prevent?
Thanks,
Darrell |
|
|
 
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Fri Feb 20, 2004 10:11 pm |
|
| Darrell3831 wrote: | Or perhaps this is some sort of back door insertion that he's trying to prevent?
Thanks,
Darrell |
BINGO! |
|
|
 
|
|
Darrell3831
Worker
Joined: Feb 18, 2004
Posts: 244
|
| Posted:
Fri Feb 20, 2004 10:18 pm |
|
That's a bit discouraging. |
|
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 16987
Location: Kansas
|
| Posted:
Fri Feb 20, 2004 11:22 pm |
|
Most of the sql injections piggy-back off of poorly written queries that all you to do something like add a union statement or AND'ing to the query variable. If you're passing, say sid=1 in the url (&sid=1), the query can often be hijacked by modifying it to &sid=1 or 1=1. Or &sid=1 Union select from .... So, depending on how your code processes the form literals, sql injection is often the result. |
|
|
|
|
|
chatserv
The Mouse Is Extension Of Arm
Joined: May 02, 2003
Posts: 1396
Location: Puerto Rico
|
| Posted:
Sat Feb 21, 2004 11:56 am |
|
Many times a value is extracted from a database table to be used in a url to another option in the module/file by adding a check to that value one attempts to make sure nothing else is passed through the variable in the url. |
|
|
|
|
|
Darrell3831
Worker
Joined: Feb 18, 2004
Posts: 244
|
| Posted:
Sat Feb 21, 2004 5:13 pm |
|
Oh boy,
Raven, you said often time poorly written querries can be hijacked.. Can you teach me the difference between well written ones and poorly written ones?
In the administrative part of the application I'm creating I do that a lot....
| Code: | | op=listLessons&cid=30 |
It's the only way I know how to do it.
Is there another safer way?
Thanks,
Darrell |
|
|
|
|
|
Darrell3831
Worker
Joined: Feb 18, 2004
Posts: 244
|
| Posted:
Sat Feb 21, 2004 5:24 pm |
|
Chatserv,
Alright so input validators on all input, be it from user, function to function, or database......
I've had my nose in the nuke code now for a month and a lot of the functions just assume the values are as expected...
Darrell |
|
|
|
|
|
chatserv
The Mouse Is Extension Of Arm
Joined: May 02, 2003
Posts: 1396
Location: Puerto Rico
|
| Posted:
Sat Feb 21, 2004 5:49 pm |
|
What a script kiddie attepts to pass through might not be saved to the db for the same reasons you state but that doesn't mean their injected code won't return the results they expect like grabbing your passwords. |
|
|
|
|
|
|
|
|
|
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
