1. 技术文章
  2. can I be hacked with this code?

can I be hacked with this code?

|▌冷眼眸甩不掉的悲伤 提交于 2020-01-13 09:29:25

问题


I purchased a script that has some weird code in it. I'm a PHP beginner but know a little about things like sanitizing input data.

This is the code:

<form action="sendpass.php" method="post" id="sendpassform">
<input type="text" name="email" />
<input type="submit" name="sendpass" value="Send" />
</form>
?>

...
if($_REQUEST['email'] != ''){
  $email = $_REQUEST['email'];
  $k = mysql_query("SELECT * FROM users WHERE email='".$email."'") or die(mysql_error());
  $result= mysql_fetch_array($k);
  ....
}

What I'm curious of, is if someone can hack the site using this form, because the email field is just passed directly to SQL with any escaping...


回答1:


Yes. This is called SQL injection. Anywhere user supplied values are directly included in a SQL statement, this is a possibility.




回答2:


Yes quite easily with SQL injection.




回答3:


You should use be doing $email = mysql_real_escape_string($_REQUEST['email']);

That should prevent any SQL injection attacks.

To answer your question, it's possible but whether there is any damage or not depends on what you do with the data retrieved from MySQL (not shown)




回答4:


The short answer is yes, though I cannot give you a play by play on how that would happen; I don't have enough info on your database structure to know - and I don't want to know. :)

There are some very easy steps you can take to make the code more secure:

  1. $email = mysqli_real_escape_string($database_connection, $_REQUEST['email')

    this escapes any dangerous characters that can adversely affect SQL string

  2. $email = mysqli_real_escape_string($database_connection, trim($_REQUEST['email'))

    in this step we added the trim function which takes out any whites spaces - which are used to launch SQL Injection attacks

If you want more information on SQL/Programming security i would suggest the following books:

  1. Head Firs PHP & MySQL (for beginners - it's really good)
  2. Hacking exposed Web Applications 3rd Edition good luck feel free to ask any questions you might have



回答5:


That should be listed as a prime example for a possibility of SQL injection. Of course you need to escape the $email variable.




回答6:


The $email variable is escaped when used in the SQL. But the contents of the variable can be the escape characters and other SQL. This could result in someone running arbitrary SQL on the server.




回答7:


This looks like an example out of a sql-injection tutorial. If you have to integrate user input in a database query, you should always consider the following two security measures. Both should be applied if possible, just in case:

  1. Use prepared statements (if your database-driver supports this)
  2. Perform input validation

You should only use the input if it is plausible. A regular expression to validate an email-address is something like this (taken from ESAPI, the Enterprise Security API):

^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$


来源:https://stackoverflow.com/questions/5541347/can-i-be-hacked-with-this-code

标签
php
mysql
security
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!