Hello, I found out that some people are using the famous Havij to get access to the MySQL results of my site. I know of a function, INT, that is used before $_GET, but when I put it in I got an error in PHP.
See the code of my page below:
<?php
define('USERNAME_REQUIRED', FALSE);
define('ACCOUNT_REQUIRED', FALSE);
include('global.php');
if(isset($_SESSION["username"]))
header("Location: me.php");
elseif(isset($_SESSION["account"]))
header("Location: characters.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="icon" href="http://i37.servimg.com/u/f37/13/27/41/49/favico10.png" type="image/gif" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><?php echo $sitename; ?></title>
<link type="text/css" rel="stylesheet" href="./Public/Styles/<?php echo $currentstyle ?>/CSS/login.css" />
</head>
<body>
<div class="loginBox">
<div class="top">
<a href="./"><img src="./Public/Styles/<?php echo $currentstyle ?>/Images/logo.png" /></a>
<?php echo $core->UsersOnline(); ?> <?php echo $lang['users_online']; ?>
</div>
<div class="mid">
<div class="loginForm">
<?php
if(isset($_GET["error"]) && $_GET["error"] == "password")
{
?>
<div class="errormsg" id="habbo_name_message_box">
<h3><?php echo $lang['error_wrong_password']; ?></h3>
<?php echo $lang['error_wrong_password_text']; ?>
</div>
<?php
}
elseif(isset($_GET["error"]) && $_GET["error"] == "username")
{
?>
<div class="errormsg" id="habbo_name_message_box">
<h3><?php echo $lang['error_wrong_username']; ?></h3>
<?php echo $lang['error_wrong_username_text']; ?>
</div>
<?php
}
elseif(isset($_GET["error"]) && $_GET["error"] == "ban")
{
if(isset($_GET["user"]))
{
$query = mysql_query("SELECT * FROM bans WHERE value = '".$_GET["user"]."' AND expire > UNIX_TIMESTAMP() ORDER BY expire DESC LIMIT 1");
}
elseif(isset($_GET["ip"]))
{
$query = mysql_query("SELECT * FROM bans WHERE value = '".$_GET["ip"]."' AND expire > UNIX_TIMESTAMP() ORDER BY expire DESC LIMIT 1");
}
$ban = @mysql_fetch_array($query);
?>
<div class="errormsg" id="habbo_name_message_box">
<h3><?php echo $lang['error_ban']; ?></h3>
<?php echo $lang['error_ban_reason']; ?>: <?php echo $ban['reason']; ?><br />
<?php echo $lang['error_ban_expire']; ?>: <?php echo @date("d-m-Y H:i", $ban['expire']); ?><br />
<?php echo $lang['error_ban_moderator']; ?>: <?php echo $ban['added_by']; ?>
</div>
<?php
}
?>
<form action="./login.php" method="post">
<?php echo $lang['index_register']; ?><br /><br />
<?php echo $lang['index_login_username']; ?>:<br /><input type="text" name="username" /><br /><br />
<?php echo $lang['index_login_password']; ?>:<br /><input type="password" name="password" /><br /><br />
<input type="submit" value="Entrar" onmousedown="this.style.backgroundColor='#ddd';" onmouseup="this.style.backgroundColor='#eee';" onmouseover="this.style.backgroundColor='#eee';" onmouseout="this.style.backgroundColor='#fff';" />
</form>
<input type="submit" value="Cadastrar" onmousedown="this.style.backgroundColor='#ddd';" onmouseup="this.style.backgroundColor='#eee';" onmouseover="this.style.backgroundColor='#eee';" onmouseout="this.style.backgroundColor='#fff';" onclick="window.location='./register';">
</div>
</div>
<?php include("system/footer.php"); ?>
</div>
</body>
</html>
How can I protect this page from this kind of attack?
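The weak spot in the posted code is the "ban" branch, where $_GET["user"] and $_GET["ip"] are concatenated straight into the SQL string. Since the `value` column is compared against text (a username or an IP address), an integer cast is not the right tool here; binding the value as a parameter is. The following is an added example, not code from the original post: it assumes a PDO connection in `$pdo`, the same `bans` table and columns the original queries use, and a hypothetical username format for the validation regex.

```php
<?php
// Added example (not from the original post): hardened replacement for the
// "ban" branch. Assumes a PDO connection in $pdo and the same `bans` table
// (columns value, expire, reason, added_by) that the original queries use.

function fetchActiveBan(PDO $pdo, string $value): ?array
{
    // The lookup value is bound as a parameter, never concatenated into the
    // SQL text, so quotes or SQL keywords in the input are treated as data.
    $stmt = $pdo->prepare(
        'SELECT reason, expire, added_by FROM bans
          WHERE value = :value AND expire > UNIX_TIMESTAMP()
          ORDER BY expire DESC LIMIT 1'
    );
    $stmt->execute([':value' => $value]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function banLookupValue(array $get): ?string
{
    // Accept only the two shapes the page expects: a username (assumed
    // format, adjust to your own rules) or a valid IP address. Anything
    // else is rejected before it reaches the database.
    if (isset($get['user']) && preg_match('/^[A-Za-z0-9_.-]{1,32}$/', $get['user'])) {
        return $get['user'];
    }
    if (isset($get['ip']) && filter_var($get['ip'], FILTER_VALIDATE_IP) !== false) {
        return $get['ip'];
    }
    return null;
}

// Usage inside the page (replaces the two mysql_query() calls):
$ban   = null;
$value = banLookupValue($_GET);
if ($value !== null) {
    $ban = fetchActiveBan($pdo, $value);
}
if ($ban !== null) {
    // Escape on output as well: reason/added_by are stored text and must not
    // be echoed into the HTML unencoded.
    echo htmlspecialchars($ban['reason'], ENT_QUOTES, 'UTF-8'), '<br />';
    echo date('d-m-Y H:i', (int) $ban['expire']), '<br />';
    echo htmlspecialchars($ban['added_by'], ENT_QUOTES, 'UTF-8');
}
```

The same prepare/bind pattern applies to every other query on the site that takes request input; a tool like Havij only works where input reaches the SQL text unparameterised.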