Injections

Many people don't use these functions in PHP, which makes their site an open door for a lot of hackers.



addslashes();
htmlentities();

One of these two functions should be used whenever you are able to post something on the site, or when you connect to the MySQL database.


=====] Addslashes [=====
The addslashes function is a very good thing to use when you're handling MySQL queries. The good thing about the function is that it puts a backslash in front of every "injection character". For example, say we have this query:

SELECT * FROM UserPass WHERE password = '$_GET[pass]'

Now it is very easy to just enter the legendary:
' or 1='1
And then it will select every row in the UserPass table.
If you secured $_GET[pass] with the addslashes function, for example, it would not be possible to use the legendary input; the query would then look like this:

SELECT * FROM UserPass WHERE password = '\' or 1=\'1'


=====] htmlentities [=====
A well-known HTML entity is &nbsp;, which makes a space. It's not the only entity we have; we also have &copy;, and actually we have one for every character in the character set.
htmlentities is good when you have a walltag or a guestbook, because it prevents people from using evil JS injections.
When you use htmlentities, the following text will look like this:

<script>alert('OMG U NOOBS I HACKED YOU!');</script>
--------------------------------------------------
&lt;script&gt;alert('OMG U NOOBS I HACKED YOU!');&lt;/script&gt;

As you see, it's very good to protect yourself with these tags. I know there are a lot of other tags that can be used, but these are what I like to use.


===========
=| err0r33
=| - Life is a game, you just need to play it.
===========
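
An added example, not part of the original article: the article's concatenated query next to a PDO prepared statement, plus htmlentities applied on output. It assumes the pdo_sqlite extension and uses an in-memory SQLite database in place of MySQL; the rows and the function names (lookupConcatenated, lookupPrepared, renderComment) are constructed for illustration, and the input is the uberPass' OR '1'='1 form quoted in the comments.

```php
<?php
// Added example (not the article's code). In-memory SQLite via PDO keeps it
// offline; the article targets MySQL. Table contents are constructed samples.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE UserPass (username TEXT, password TEXT)");
$db->exec("INSERT INTO UserPass VALUES ('alice', 'constructed-pass-1')");
$db->exec("INSERT INTO UserPass VALUES ('bob', 'constructed-pass-2')");

// Stand-in for $_GET['pass']: the quote-breaking input discussed on the page.
$pass = "uberPass' OR '1'='1";

// Vulnerable pattern from the article: user input pasted into the SQL text,
// so the quote in $pass ends the string literal and the rest is parsed as SQL.
function lookupConcatenated(PDO $db, string $pass): array
{
    $sql = "SELECT username FROM UserPass WHERE password = '$pass'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the value is bound as a parameter and is never parsed as SQL,
// so the result does not depend on any escaping function.
function lookupPrepared(PDO $db, string $pass): array
{
    $stmt = $db->prepare("SELECT username FROM UserPass WHERE password = ?");
    $stmt->execute([$pass]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Output side: encode at the point where text is written into HTML.
// ENT_QUOTES also encodes single and double quotes.
function renderComment(string $text): string
{
    return '<p>' . htmlentities($text, ENT_QUOTES, 'UTF-8') . '</p>';
}

echo count(lookupConcatenated($db, $pass)), " row(s) matched, concatenated query\n";
echo count(lookupPrepared($db, $pass)), " row(s) matched, prepared statement\n";
echo count(lookupPrepared($db, 'constructed-pass-1')), " row(s) matched, real password\n";
echo renderComment("<script>alert('OMG U NOOBS I HACKED YOU!');</script>"), "\n";
```

With the concatenated query the OR clause is evaluated for every row, while the prepared statement compares the whole input string against the password column as data.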

Comments

Flaming_figures on December 01 2006 - 17:12:04
Wow. Immediately need to know what's going on eh? With a name like injections you would probably expect to see something like javascript with it, but it's an ok enough article. Didn't go far into the topic though. The html entities was good though.
err0r33 on December 01 2006 - 21:07:21
Well the article is placed in security (;
Arto_8000 on December 01 2006 - 23:16:53
addslashes is no longer considered secure; in some specific cases it can be easily bypassed. People should use mysql_escape_string instead.
err0r33 on December 02 2006 - 12:39:37
Well, everyone can learn new things, right? (: And it's my first article.
only_samurai on December 02 2006 - 20:20:18
Not a bad article on the whole. I would agree it might want to go into a bit more depth, but it was informative. Perhaps an actual usage or example of the function would have been nice, so noobs to PHP can get an idea of the structure and syntax.
garys on December 17 2006 - 03:54:29
strip_tags()
system_meltdown on August 29 2007 - 21:04:30
"And then it will select every row in the UserPass table.", errr, no it won't... First: ' or 1=1-- is for MS SQL, -- is the start of an MS SQL comment, /* is for a MySQL comment, you should explain that ;) Second, it won't select every row, I dunno where everyone's getting this from. But basically, if you submitted "uberPass" as the password, what it would do is it would compare the password in the table against "uberPass", and if that's true then it will log you in, but because you'd be doing something like this: uberPass' OR '1'='1 (no quote on the end, so that the query is formatted like this: SELECT * FROM `userTbl` WHERE `username`='uberUser' AND `password`='uberPass' OR '1'='1';) now, this will always return true, because even if the password isn't "uberPass", it has OR '1'='1' to fall back on, and because 1 will always be equal to 1, it will always return true.
system_meltdown on August 30 2007 - 04:28:29
Another thing, mysql_real_escape_string is better to use than addslashes :)
system_meltdown on October 04 2007 - 21:57:04
Another note: Use $_GET['pass'] rather than $_GET[pass] >_<