
MySQL Injection test

Posted: Wed Sep 22, 2010 11:35 am
by blaher
http://placeto.blahertech.net/admin/login.php - Live Sandbox Demo
http://placeto.svn.sourceforge.net/view ... iew=markup - line:78 current make safe function (both POST fields are sent through it before going into a query)
http://placeto.svn.sourceforge.net/view ... unk/admin/ - The rest of the admin login system's source

I'm currently working on an admin for one of my projects. For now, I'm testing the security of the login.

Are there any tools out there with which I can run a pre-compiled list of php/mysql injection phrases? Or does anybody already see any faults in the login's security? I know you probably don't get this much, but I want someone to crack my login, so I can make sure there are no vulnerabilities.

Re: MySQL Injection test

Posted: Wed Sep 22, 2010 6:07 pm
by John Cartwright
I've used http://sqlmap.sourceforge.net/ in the past with some success.

Re: MySQL Injection test

Posted: Fri Sep 24, 2010 8:02 am
by AlexC
Why are you treating \r \t \n as unsafe chars? They are perfectly fine. Also, don't use htmlentities on your input like that; you do that when you want to output it, not store it. Same with strip_tags: why did you let the user continue to submit this data if you ultimately don't want to allow it?

Re: MySQL Injection test

Posted: Fri Sep 24, 2010 10:24 am
by John Cartwright
How come your placeto_safe_html() method performs a mysql_real_escape_string(), whereas placeto_safe_sql() does not? It should be the reverse.

I also agree with Alex's comments.
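The two replies above make the same point from different sides: htmlentities()/strip_tags() are output encoders and do nothing for the SQL sink, and the SQL sink needs its own protection. The script below is an added example, not code from the placeto project or from anyone in this thread, and placeto_style_make_safe() is a hypothetical stand-in for the "make safe" function linked above (its real body is not visible here). It builds a hashed-password admin table in an in-memory SQLite database through PDO (assumed to be available via pdo_sqlite; a MySQL DSN works the same way), and shows why the HTML-style sanitiser does not stop injection even when passwords are hashed: a UNION lets the attacker supply a hash of a password they already know, and the application then verifies against it. The prepared-statement version of the same lookup is immune because the parameter never becomes part of the SQL text.

```php
<?php
// Added example, not code from the placeto project. Runs stand-alone against
// an in-memory SQLite database through PDO (assumption: pdo_sqlite is loaded,
// which is the default in most PHP builds). With a MySQL DSN nothing else changes.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (username TEXT PRIMARY KEY, pwhash TEXT NOT NULL)');

// Constructed sample account. Hashing the password is correct, but as shown
// below it does not protect the query that fetches the hash.
$db->prepare('INSERT INTO admins (username, pwhash) VALUES (?, ?)')
   ->execute(['admin', password_hash('long-admin-passphrase', PASSWORD_DEFAULT)]);

// Hypothetical stand-in for the thread's "make safe" function: output-encoding
// helpers applied to input. ENT_COMPAT is spelled out because it was PHP 5's
// default and leaves the single quote alone; PHP 8.1 changed the default to
// ENT_QUOTES, which would mangle this one payload but is still not an SQL defence.
function placeto_style_make_safe(string $s): string
{
    return htmlentities(strip_tags($s), ENT_COMPAT, 'UTF-8');
}

// VULNERABLE: the "sanitised" username is still concatenated into the SQL text.
function fetch_hash_concat(PDO $db, string $user): ?string
{
    $u = placeto_style_make_safe($user);
    $sql = "SELECT pwhash FROM admins WHERE username = '$u'";
    $hash = $db->query($sql)->fetchColumn();
    return $hash === false ? null : $hash;
}

// FIXED: the value is bound as a parameter, sent to the driver separately from
// the statement, so it can never change the statement's structure.
function fetch_hash_prepared(PDO $db, string $user): ?string
{
    $stmt = $db->prepare('SELECT pwhash FROM admins WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return $hash === false ? null : $hash;
}

// Same login logic for both lookups; password_verify() does the comparison.
function login(callable $fetchHash, PDO $db, string $user, string $pass): bool
{
    $hash = $fetchHash($db, $user);
    return $hash !== null && password_verify($pass, $hash);
}

// Attack: no knowledge of the real hash is needed. The UNION appends a row whose
// "pwhash" is the hash of a password the attacker chose. Built by concatenation
// so that the "$2y$..." hash is not interpolated by PHP. The space after "--"
// is required by MySQL's comment syntax; SQLite accepts it too.
$attackerHash = password_hash('attacker-knows-this', PASSWORD_DEFAULT);
$payload = "x' UNION SELECT '" . $attackerHash . "' -- ";

$vulnerable = login('fetch_hash_concat', $db, $payload, 'attacker-knows-this');   // true
$fixed      = login('fetch_hash_prepared', $db, $payload, 'attacker-knows-this'); // false
$legit      = login('fetch_hash_prepared', $db, 'admin', 'long-admin-passphrase'); // true

printf("concatenated query bypassed: %s\n", var_export($vulnerable, true));
printf("prepared statement bypassed: %s\n", var_export($fixed, true));
printf("legitimate login works:      %s\n", var_export($legit, true));

// HTML encoding belongs at the point of output, with ENT_QUOTES so the value is
// also safe inside attribute values. The stored value stays as the user sent it.
echo 'Welcome, ' . htmlspecialchars($payload, ENT_QUOTES, 'UTF-8') . "\n";
```

Run it with `php login_demo.php` and the first line reports `true`: the attacker logs in as nobody in particular, but past the check. A plain `' OR 1=1 -- ` would not work here because the attacker would still have to verify against the real admin hash, which is why the UNION form is the one worth testing against a hashed-password login. Tools such as sqlmap, mentioned above, automate exactly this kind of probing; the fix is the bound parameter, not a longer blacklist in the make-safe function.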