PEAK XOOPS - Re: Action if an isolated comment-in is found

Re: Action if an isolated comment-in is found

msg# 1.1 | depth: 1 | Posted on 2005/4/28 5:25
GIJOE (先任軍曹, Master Sergeant)   Posts: 4110
Hi Dave.

Quote:
1) Is there any way of making a post like that without getting the */ added at the end?
Turn off the option.
If XOOPS_DB_PREFIX is not known by attackers, there is little threat from SQL injection attacks.

I think a better algorithm, like POST checking, will be OK if some "invalid string as SQL" is found before the first '/*'.

Quote:
2) Is that check really necessary? How could someone exploit that?

An isolated '/*' makes SQL injection easier.

e.g.)
the vulnerability:
$sql = "SELECT title FROM ".$xoopsDB->prefix("foo")." WHERE storyid='{$_GET['id']}' AND status>0";

An attacker can do:
?id=1'+UNION+SELECT+password+FROM+xoops_users+ORDER+BY+...+/*

I'm sorry that I did not check the typo in this attack.

Anyway, you can easily understand that the isolated '/*' check is necessary.

Protector rewrites the request like this:
?id=1'+UNION+SELECT+password+FROM+xoops_users+ORDER+BY+...+/**/

You can also understand that this causes an SQL error, and attackers can't get the hashed passwords from the users table.


*/
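As an added example (not Protector's own code, and not anything GIJOE posted), here is a small PHP sketch of the two defensive points in the post: detecting an isolated '/*' in a request value and neutralising it the way the post describes Protector doing it (the '/*' at the end of the rewritten request becomes '/**/', and the same trailing '*/' was appended to the post itself), and the hardened form of the quoted query, where the id is cast to an integer so the request value never reaches the SQL text as a string. The function names, the `$prefix` callable standing in for `$xoopsDB->prefix()`, the assumed "xoops" table prefix and the sample values are all assumptions made for this example.

```php
<?php
// Added example, not Protector's code: the two defensive steps GIJOE's post describes.
// has_isolated_comment_open()        -> is there a "/*" with no "*/" after it?
// neutralise_isolated_comment_open() -> append "*/" so the comment is closed at once
//                                       (the post shows "/*" becoming "/**/")
// build_story_query()                -> the quoted query with the id cast to int
// All names, and the $prefix callable standing in for $xoopsDB->prefix(), are assumed.

function has_isolated_comment_open(string $value): bool
{
    $pos = 0;
    // Walk every "/*"; the value is dangerous as soon as one of them has no "*/" after it,
    // so "/* x */ /*" is flagged even though its first comment is properly closed.
    while (($open = strpos($value, '/*', $pos)) !== false) {
        $close = strpos($value, '*/', $open + 2);
        if ($close === false) {
            return true;
        }
        $pos = $close + 2;
    }
    return false;
}

function neutralise_isolated_comment_open(string $value): string
{
    // Same effect the post attributes to Protector: a trailing "*/" closes the open
    // comment, so it can no longer swallow the rest of the SQL statement.
    return has_isolated_comment_open($value) ? $value . '*/' : $value;
}

function build_story_query(array $get, callable $prefix): string
{
    // Hardened form of the query in the post. (int) keeps only the leading integer,
    // so quotes and comment markers from the request never reach the SQL text.
    $id = isset($get['id']) ? (int) $get['id'] : 0;
    return 'SELECT title FROM ' . $prefix('foo') . ' WHERE storyid=' . $id . ' AND status>0';
}

// Constructed request values for the demonstration.
$samples = [
    'plain text'      => 'hello',
    'closed comment'  => 'a /* b */ c',
    'isolated opener' => "1' /*",
    'reopened at end' => '/* x */ /*',
];
foreach ($samples as $label => $value) {
    printf("%-16s isolated: %-3s rewritten: %s\n", $label,
        has_isolated_comment_open($value) ? 'yes' : 'no',
        neutralise_isolated_comment_open($value));
}

// Stand-in for $xoopsDB->prefix(): assumed XOOPS_DB_PREFIX of "xoops" plus "_" and the table name.
$prefix = fn(string $table): string => 'xoops_' . $table;
echo build_story_query(['id' => "1' /*"], $prefix), "\n";
```

Run with `php example.php`: the first two samples pass through unchanged, the last two come back with `*/` appended, and the hardened query is built with `storyid=1` regardless of what followed the digit. The rewrite step is a safety net against the whole "comment out the rest of the query" class of payloads; the integer cast (or, for string columns, escaping through the database layer) is what actually fixes the query.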
