PHP-SECURITY: add slashes VS real escape


litewarez

OK, today I'm going to be talking about some security issues when programming your PHP/MySQL website.

This information will show you why it is very important to create a MySQL table and table rows carefully, because it could save your website from being hacked.

So let's get started...

In GBK (character encoding) there is a character that is considered an invalid multi-byte character (0xbf27), BUT the character (0xbf5c) is a single-byte character...

(0x)bf|27 is (¿)bf followed by (')27 AND
(0x)bf|5c is (¿)bf followed by (\)5c

So if you are using addslashes, then it would be possible to inject the MySQL tables with a single quote character.

So if I inject the chars 0xbf27 (¿'), then the addslashes function will modify this to become a multi-byte character, so it will become 0xbf5c27 (¿\') and this multi-byte character is VALID, meaning it will successfully bypass addslashes and allow me to perform SQL attacks through cURL POST attacks....


To test this security issue yourself to see if you are vulnerable, you can set up a PHP script on your server, create a simple MySQL SELECT command and use the PHP function chr() to inject your system, so here's a small example.

PHP:
<?php
//Do Connection here (the old mysql_* extension shown here was removed in PHP 7)

// Simulate the POSTed login form: 0xbf followed by a single quote.
// addslashes() inserts 0x5c before the quote, giving 0xbf 0x5c 0x27,
// which a GBK connection reads as one multi-byte char followed by a bare quote.
$_POST['username'] = chr(0xbf) . chr(0x27) . //here addslashes would turn into a valid multi-byte char
                     ' OR username = username /*';
$_POST['password'] = 'what ever';

$sql = "SELECT *
        FROM   users
        WHERE  username = '".addslashes($_POST['username'])."'
        AND    password = '".addslashes($_POST['password'])."'
";

$result = mysql_query($sql);
/*
    Login would usually be here to test for authentication
*/
?>
OK, so I hope you have understood that it is not good to use addslashes, and I would recommend using
mysql_real_escape_string() if available on your PHP version.

And if you haven't understood what I've been speaking about, then just don't use addslashes lol

peace all
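The byte-level bypass described in the post, modelled as an added, stand-alone example (not code from the post or from PHP): `addslashes` is a byte-for-byte model of PHP's addslashes(), `charset_aware_escape` is a simplified model of what a driver escape such as mysql_real_escape_string() does once it knows the connection charset (decode first, escape whole characters), and `unescaped_quotes` shows how a GBK connection would read the escaped bytes. The payload and charset names are constructed test values.

```python
import re


def addslashes(data: bytes) -> bytes:
    """Byte-level escaping like PHP's addslashes(): it does not know the
    character set, so it escapes every 0x27/0x22/0x5c/0x00 byte it meets,
    even when that byte is the second half of a multi-byte sequence."""
    out = bytearray()
    for b in data:
        if b in (0x27, 0x22, 0x5C):      # ' " \  -> prefix with a backslash
            out += b"\\" + bytes([b])
        elif b == 0x00:
            out += b"\\0"
        else:
            out.append(b)
    return bytes(out)


def charset_aware_escape(data: bytes, charset: str) -> bytes:
    """Model of a charset-aware escape: decode in the connection charset
    (an invalid sequence such as 0xbf 0x27 is rejected instead of being
    glued together), escape whole characters, then re-encode."""
    text = data.decode(charset)          # strict: raises UnicodeDecodeError
    text = re.sub(r"(['\"\\])", r"\\\1", text).replace("\x00", "\\0")
    return text.encode(charset)


def unescaped_quotes(escaped: bytes, charset: str) -> int:
    """Count single quotes the server would see as unescaped, reading the
    escaped bytes in the connection charset (a backslash escapes the next
    character, as in a MySQL string literal)."""
    text = escaped.decode(charset)
    count, i = 0, 0
    while i < len(text):
        if text[i] == "\\":
            i += 2
            continue
        if text[i] == "'":
            count += 1
        i += 1
    return count


# Constructed input: the 0xbf lead byte followed by a single quote.
PAYLOAD = b"\xbf\x27 OR 1=1 /*"


def demo() -> tuple:
    weak = addslashes(PAYLOAD)                 # 0xbf 0x5c 0x27 ...
    leaked = unescaped_quotes(weak, "gbk")     # the quote survives: 1
    try:
        charset_aware_escape(PAYLOAD, "gbk")   # invalid GBK, rejected
        rejected = False
    except UnicodeDecodeError:
        rejected = True
    return weak, leaked, rejected
```

A well-formed quote in valid input is still escaped by the charset-aware version, so the check fails only on the byte sequences the post describes.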