Re: Creating a website to test SQL injection

Posted: Fri Jul 17, 2009 10:11 am
by jackpf
What, so it's fixed now?

Re: Creating a website to test SQL injection

Posted: Fri Jul 17, 2009 10:19 am
by marcg11
At least I don't get the php5.dll error.

But I'm not getting the typical error message when I try to connect with mysql_connect and the parameters are wrong. And obviously it's not connecting.

Seems like it doesn't show the errors or something.

Re: Creating a website to test SQL injection

Posted: Fri Jul 17, 2009 10:23 am
by jackpf
Have you got errors turned on in php.ini?

Re: Creating a website to test SQL injection

Posted: Fri Jul 17, 2009 10:24 am
by marcg11
jackpf wrote: Have you got errors turned on in php.ini?
That's php.ini, didn't touch anything yet, the default ones.

Code:

 
; allow_call_time_pass_reference
;   Default Value: On
;   Development Value: Off
;   Production Value: Off
 
; display_errors
;   Default Value: On
;   Development Value: On
;   Production Value: Off
 
; display_startup_errors
;   Default Value: Off
;   Development Value: On
;   Production Value: Off
 
; error_reporting
;   Default Value: E_ALL & ~E_NOTICE
;   Development Value: E_ALL | E_STRICT
;   Production Value: E_ALL & ~E_DEPRECATED
 
; html_errors
;   Default Value: On
;   Development Value: On
;   Production value: Off
 
; log_errors
;   Default Value: Off
;   Development Value: On
;   Production Value: On
 
; magic_quotes_gpc
;   Default Value: On
;   Development Value: Off
;   Production Value: Off
 
; max_input_time
;   Default Value: -1 (Unlimited)
;   Development Value: 60 (60 seconds)
;   Production Value: 60 (60 seconds)
 
; output_buffering
;   Default Value: Off
;   Development Value: 4096
;   Production Value: 4096
 
; register_argc_argv
;   Default Value: On
;   Development Value: Off
;   Production Value: Off
 
; register_long_arrays
;   Default Value: On
;   Development Value: Off
;   Production Value: Off
 
; request_order
;   Default Value: None
;   Development Value: "GP"
;   Production Value: "GP"
 
; session.bug_compat_42
;   Default Value: On
;   Development Value: On
;   Production Value: Off
 
; session.bug_compat_warn
;   Default Value: On
;   Development Value: On
;   Production Value: Off
 
; session.gc_divisor
;   Default Value: 100
;   Development Value: 1000
;   Production Value: 1000
 
; session.hash_bits_per_character
;   Default Value: 4
;   Development Value: 5
;   Production Value: 5
 
; short_open_tag
;   Default Value: On
;   Development Value: Off
;   Production Value: Off
 
; track_errors
;   Default Value: Off
;   Development Value: On
;   Production Value: Off
 
; url_rewriter.tags
;   Default Value: "a=href,area=href,frame=src,form=,fieldset="
;   Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
;   Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
 
; variables_order
;   Default Value: "EGPCS"
;   Development Value: "GPCS"
;   Production Value: "GPCS"

Re: Creating a website to test SQL injection

Posted: Fri Jul 17, 2009 10:42 am
by jackpf
Do a search for display_errors and remove any semicolons preceding any values, and make sure everything is set to "on".

Re: Creating a website to test SQL injection

Posted: Fri Jul 17, 2009 11:01 am
by marcg11
No results... with this.

Code:

 
; The following are all the settings which are different in either the production
; or development versions of the INIs with respect to PHP's default behavior.
; Please see the actual settings later in the document for more details as to why
; we recommend these changes in PHP's behavior.
 
; allow_call_time_pass_reference
;   Default Value: On
;   Development Value: Off
;   Production Value: Off
 
   display_errors
   Default Value: On
   Development Value: On
   Production Value: on
 
   display_startup_errors
   Default Value: on
   Development Value: On
   Production Value: on
 
; error_reporting
;   Default Value: E_ALL & ~E_NOTICE
;   Development Value: E_ALL | E_STRICT
;   Production Value: E_ALL & ~E_DEPRECATED
 
   html_errors
   Default Value: On
   Development Value: On
   Production value: on
 
   log_errors
   Default Value: on
   Development Value: On
   Production Value: On
 
; magic_quotes_gpc
;   Default Value: On
;   Development Value: Off
;   Production Value: Off
 
; max_input_time
;   Default Value: -1 (Unlimited)
;   Development Value: 60 (60 seconds)
;   Production Value: 60 (60 seconds)
 
; output_buffering
;   Default Value: Off
;   Development Value: 4096
;   Production Value: 4096
 
; register_argc_argv
;   Default Value: On
;   Development Value: Off
;   Production Value: Off
 
; register_long_arrays
;   Default Value: On
;   Development Value: Off
;   Production Value: Off
 
; request_order
;   Default Value: None
;   Development Value: "GP"
;   Production Value: "GP"
 
; session.bug_compat_42
;   Default Value: On
;   Development Value: On
;   Production Value: Off
 
; session.bug_compat_warn
;   Default Value: On
;   Development Value: On
;   Production Value: Off
 
; session.gc_divisor
;   Default Value: 100
;   Development Value: 1000
;   Production Value: 1000
 
; session.hash_bits_per_character
;   Default Value: 4
;   Development Value: 5
;   Production Value: 5
 
; short_open_tag
;   Default Value: On
;   Development Value: Off
;   Production Value: Off
 
   track_errors
   Default Value: on
   Development Value: On
   Production Value: on
 
; url_rewriter.tags
;   Default Value: "a=href,area=href,frame=src,form=,fieldset="
;   Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
;   Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
 
; variables_order
;   Default Value: "EGPCS"
;   Development Value: "GPCS"
;   Production Value: "GPCS"
 
I know it has to display the error because if I upload the .php to a free host, the error shows up.
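Added example, not part of any post in this thread: php.ini directives are written as `name = value`, so a quick check is to list which uncommented lines have that form and which do not. The function names and the sample text are assumptions made for this illustration; the sample is constructed in the shape of the edited file above, plus one `name = value` line for contrast.

```python
import re

# Constructed sample: lines in the shape of the edited file posted above,
# followed by one line in "name = value" form for contrast.
SAMPLE_INI = """\
[PHP]
; allow_call_time_pass_reference
;   Default Value: On
   display_errors
   Default Value: On
   Development Value: On
   Production Value: on
; error_reporting
;   Default Value: E_ALL & ~E_NOTICE
log_errors = On
"""

# A directive line: a name, an equals sign, then the value.
DIRECTIVE = re.compile(r"^([A-Za-z_][\w.\-]*)\s*=\s*(.*?)\s*$")

def audit_ini(text):
    """Return (active, stray): name=value settings, and uncommented lines
    that are not in name = value form."""
    active, stray = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("["):
            continue  # blank line, comment, or section header
        m = DIRECTIVE.match(line)
        if m:
            active[m.group(1)] = m.group(2)
        else:
            stray.append((lineno, line))
    return active, stray

def is_set(text, name):
    """True only if an uncommented 'name = value' line exists for name."""
    return name in audit_ini(text)[0]

if __name__ == "__main__":
    active, stray = audit_ini(SAMPLE_INI)
    print("active directives:", active)
    for lineno, line in stray:
        print(f"line {lineno}: not a directive: {line!r}")
```
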

Re: Creating a website to test SQL injection

Posted: Fri Jul 17, 2009 12:05 pm
by jackpf
That doesn't look like a php.ini file.

Re: Creating a website to test SQL injection

Posted: Fri Jul 17, 2009 12:08 pm
by marcg11
Well, it is.

Re: Creating a website to test SQL injection

Posted: Sat Jul 18, 2009 12:00 pm
by DaiLaughing
jackpf wrote: I thought tizag was pretty well paced tbh.

But yeah, nice site.
Tizag is good if you have a head start but for many in these forums and elsewhere they need the real basics for a while before getting into the good stuff. The trouble is so much depends on so much else and knowing where to start and where to go next is often a problem. Thanks for the comment.

Re: Creating a website to test SQL injection

Posted: Sat Jul 18, 2009 12:09 pm
by jackpf
Ahh...I'd had a bit of experience with programming before I started learning PHP so I guess I had a head start.

Yeah...after I'd gone through the tizag tutorials it was pretty much a case of learning stuff from forums like this, and reading through other people's code...like PHPBB's and SMF's.