[Security Question] XSRF possible in this page?
Posted: Thu May 05, 2011 2:54 pm
Hi,
Let me tell you the page first.
http://www.celik-ticaret.net/?page=projects (A trash website I use to test my codes)
As you can see, it contains a form with an option like:

Code:
<select name="year">
<option value="1">Any year</option>
<option value="2000">2000</option>
<option value="2001">2001</option>
...
</select>
<select name="city">
<option value="any">Any city</option>
<option value="cityA">City A</option>
<option value="cityB">City B</option>
...
</select>

Basically, users are generating a SQL query here. Such as:

Code:
function clrInput($value)
{
    // SQL injection prevention (placeholder: body not shown in the post)
    return $value;
}
$city = clrInput($_POST['city']);
$year = intval(clrInput($_POST['year']));
/* NO OTHER CONTROLS HERE --- THAT'S WHAT I AM ASKING */
// Prepare our query -- Looks very vulnerable!
query("SELECT * FROM TABLE_NAME
WHERE City = $city AND
Year = $year");

Okay. All is good so far and it's working properly, but what about if I edit my form like:

Code:
<select name="city">
<option value="UNION DROP TABLE TABLE_NAME">Any year</option>
</select>

Then the query will be like:

Code:
SELECT * FROM TABLE_NAME
WHERE City = NULL
UNION
DROP TABLE TABLE_NAME

and table will be dropped. (SQL query may be wrong, but you got the idea.)
What kind of protections should I do on such pages? Double-check every option input in an array and die if it doesn't match?
Open for ideas.
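As an added example (not the poster's code), one way to answer the question above in PHP: match each select value against a fixed allow-list of the form's own option values, reject the request otherwise, and pass the survivors to the database only as bound parameters of a prepared statement. It assumes an open PDO connection `$pdo` and the table name TABLE_NAME from the post; `ALLOWED_CITIES` and `MIN_YEAR` are assumed values.

```php
<?php
// Added example (not the poster's code). Assumes an open PDO connection $pdo
// and the table TABLE_NAME from the post; ALLOWED_CITIES and MIN_YEAR are
// assumed values that would come from the application's own configuration.
const ALLOWED_CITIES = ['any', 'cityA', 'cityB']; // exactly the <option> values
const MIN_YEAR = 2000;
// Returns the city only if it is one of the known option values, else null.
function validateCity(string $city): ?string
{
    return in_array($city, ALLOWED_CITIES, true) ? $city : null;
}
// Option value "1" means "Any year"; anything else must be a plausible year.
function validateYear(string $year): ?int
{
    if ($year === '1') {
        return 1;
    }
    if (!ctype_digit($year)) {
        return null;
    }
    $y = (int) $year;
    return ($y >= MIN_YEAR && $y <= (int) date('Y')) ? $y : null;
}
function searchProjects(PDO $pdo, string $rawCity, string $rawYear): array
{
    $city = validateCity($rawCity);
    $year = validateYear($rawYear);
    if ($city === null || $year === null) {
        http_response_code(400); // tampered form: stop before any SQL is built
        exit('Invalid form value');
    }
    // SQL text comes only from fixed fragments; user data travels separately
    // as bound parameters, so it can never change the statement's structure.
    $sql = 'SELECT * FROM TABLE_NAME WHERE 1 = 1';
    $params = [];
    if ($city !== 'any') {
        $sql .= ' AND City = :city';
        $params[':city'] = $city;
    }
    if ($year !== 1) {
        $sql .= ' AND Year = :year';
        $params[':year'] = $year;
    }
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$rows = searchProjects($pdo, (string) ($_POST['city'] ?? ''), (string) ($_POST['year'] ?? ''));
```

With this in place a tampered option such as the `UNION DROP TABLE` value above never reaches the database: it fails the allow-list check and the request is refused with a 400.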