Can Somebody Explain What This Means & where should it be used ?? by hilaryiwens05: 6:52am On Apr 27, 2015
*modified
Re: Can Somebody Explain What This Means & where should it be used ?? by Fulaman198(m): 7:05am On Apr 27, 2015
hilaryiwens05: It's supposed to check for SQL injection attacks and terminate them, right? But from what I can read from the source code, I don't see how it even remotely does that.
Re: Can Somebody Explain What This Means & where should it be used ?? by hilaryiwens05: 7:12am On Apr 27, 2015
Ahhh, this one is too big for me. I was doing research about the XSS attacks my clients have on their hosts and I came across this. Can anybody throw more light on this, Fulaman198?
Re: Can Somebody Explain What This Means & where should it be used ?? by Fulaman198(m): 7:24am On Apr 27, 2015
hilaryiwens05: This article is pretty much spot on: http://en.wikipedia.org/wiki/Cross-site_scripting
Re: Can Somebody Explain What This Means & where should it be used ?? by AAinEqGuinea: 8:23am On Apr 27, 2015
hilaryiwens05: You're checking (user) input for 'base64_' refs or 'union' and 'select' statements... for a DB exploit. This should be used in a simple PHP form request ($_POST).
Re: Can Somebody Explain What This Means & where should it be used ?? by Fulaman198(m): 8:32am On Apr 27, 2015
AAinEqGuinea: I guess in his if statement, too, he's also calling the function "die" if the user output matches the argument listed in the input for base64_. This is PHP, right? Is die() just a cout (meaning to output or print)?
Re: Can Somebody Explain What This Means & where should it be used ?? by AAinEqGuinea: 8:40am On Apr 27, 2015
Fulaman198: Yeah, PHP. Yeah, a PHP die message. You're on the right path: die is more like a dying error message when/if handling exceptions or a condition to terminate, rather than cout, which continues runtime.
Re: Can Somebody Explain What This Means & where should it be used ?? by kudaisi(m): 10:18am On Apr 27, 2015
The first if checks for the existence of base64 encoding in your REQUEST array by checking for the string position of the word combination 'base64'. This is one of the common methods of XSS attack, as the resource is provided externally via a base64 text-encoded URL (for example, a .png image can be encoded as base64 text and decoded back to its initial state by calling the PHP function $imgdata = base64_decode($encoded_string); as so). Thus the external code (JavaScript payload) will be executed when the DOM initializes the object element. So by checking through the request array for the existence of base64 you might be able to tell that a CSS attack is being attempted.

The second if checks for the words SELECT and UNION in the REQUEST data URL; it is common to use these SQL statements for SQL injection, although it is not limited to only these two, and a lot of other scenarios still exist.

Wherever you got this code from, I am going to assume that it was just illustrated for educational purposes, as it is barely bulletproof against SQL injection or XSS attacks. Let's consider the Nairaland programming forum, for example: I just used the words SELECT and UNION in this post. Running your script in the back-end will identify this post as a possible SQL injection attack and the web page will die (so to speak), whereas it is not an injection attack but merely a reply to your post. So in some cases, using the code improperly might yield unwanted results. In other cases you would have to use other SQL injection prevention (rather than detection) methods, such as tag stripping, to say the minimum. I hope this helps.
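To make kudaisi's point concrete, here is an added PHP example (not the code from the original post, which was removed, and not anything the thread's participants wrote). It reconstructs the kind of keyword filter the thread describes, shows that a legitimate forum reply containing the words SELECT and UNION trips it, and contrasts it with prevention: a PDO prepared statement for the query and htmlspecialchars() for output. The function names, the posts table and the sample rows are all constructed for this example; it assumes the pdo_sqlite extension is available.

```php
<?php
// Added example, not code from the thread. Constructed schema and data.
declare(strict_types=1);

/**
 * Naive detection as the thread describes it: refuse the request if any
 * parameter mentions 'base64_', 'union' or 'select'. Returns true when the
 * request would be killed (the thread's die()).
 */
function naiveFilterWouldDie(array $request): bool
{
    foreach ($request as $value) {
        if (!is_string($value)) {
            continue;
        }
        $lower = strtolower($value);
        if (strpos($lower, 'base64_') !== false) {
            return true;
        }
        if (strpos($lower, 'union') !== false || strpos($lower, 'select') !== false) {
            return true;
        }
    }
    return false;
}

/**
 * Prevention instead of detection: the parameter is bound as data, so the
 * database never parses user input as SQL, whatever words it contains.
 */
function findPostsByAuthor(PDO $db, string $author): array
{
    $stmt = $db->prepare('SELECT id, body FROM posts WHERE author = :author');
    $stmt->execute([':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Output encoding: stored text is rendered as text, not as HTML or script. */
function renderBody(string $body): string
{
    return htmlspecialchars($body, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed in-memory database standing in for the forum's posts table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');
$ins = $db->prepare('INSERT INTO posts (author, body) VALUES (:a, :b)');
$ins->execute([':a' => 'kudaisi', ':b' => 'I just used the words SELECT and UNION in this post.']);
$ins->execute([':a' => 'kudaisi', ':b' => 'Tags like <b>bold</b> & "quotes" stay literal.']);

// A benign reply, shaped like the $_REQUEST array the thread's filter reads.
$reply = ['author' => 'kudaisi', 'body' => 'I just used the words SELECT and UNION in this post.'];
echo 'Keyword filter would kill this reply: ';
var_dump(naiveFilterWouldDie($reply));

// The same text is stored and read back through bound parameters, and every
// row is HTML-encoded on the way out, so no keyword filter is needed.
foreach (findPostsByAuthor($db, 'kudaisi') as $row) {
    echo $row['id'], ': ', renderBody($row['body']), PHP_EOL;
}

// An author value with a quote and a keyword is still just a string to compare:
// it matches no row and raises no SQL error.
$rows = findPostsByAuthor($db, "O'Select");
echo 'Rows for odd author name: ', count($rows), PHP_EOL;
```

Run with `php example.php`. The filter reports true for kudaisi's reply, which is exactly the false positive the post describes, while the prepared statement stores and retrieves that reply without ever interpreting its words as SQL, and renderBody() turns the stored angle brackets and quotes into entities so they cannot become markup in the page.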
Re: Can Somebody Explain What This Means & where should it be used ?? by Fulaman198(m): 4:56pm On Apr 27, 2015
AAinEqGuinea: Good stuff, thanks.