Saturday, January 31, 2015

Overcoming sanitize filters for SQL injection in a php app



I'm learning ethical hacking and now I'm on the SQL injection topic. I'm also new to SQL and PHP. OK, so I have a local vulnerable website with a back-end of Linux, PHP, MySQL and Apache. I'm practicing SQL injection with the login, forgotten-password reset, and profile status update text PHP functions. Now, all of the mentioned functions use a common set of sanitize filter functions in order to prevent SQL injections. So far I've managed to use SQL injection to log in, but attempts at SQL-injecting the profile status update and password reset functions have failed. So, I need some help in understanding the sanitize function filters and finding a way to overcome them. I especially look forward to exploiting the profile text update to inject SQL to return interesting tables and/or even updating or dropping them. OK, here are the functions that sanitize SQL input:



// $connection is assumed to be an already-opened mysqli instance shared via global scope.

function sanitizeStr($var)
{
    global $connection;
    $var = strip_tags($var);                    // remove HTML/PHP tags
    $var = htmlentities($var);                  // encode HTML special characters (output encoding applied at input time)
    $var = stripslashes($var);                  // remove backslashes (undoes any earlier magic_quotes-style escaping)
    return $connection->real_escape_string($var); // escape for use inside a quoted MySQL string literal
}

function sanitizeStrSQ1($var)
{
    return ($var);                              // no-op: the value is returned unchanged
}

function sanitizeStrSQ2($var)
{
    global $connection;
    return $connection->real_escape_string($var); // MySQL string-literal escaping only
}

function sanitizeStrXSS51($var)
{
    global $connection;
    return $connection->real_escape_string($var); // identical to sanitizeStrSQ2; no HTML encoding despite the name
}

function sanitizeStrXSS52($var)
{
    global $connection;
    $var = str_replace('<script>', '', ($var)); // removes the exact, case-sensitive substring "<script>" (single pass)
    return $connection->real_escape_string($var); // then MySQL string-literal escaping
}
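On the defensive side, the reason escaping-based filters like these are hard to get right is that `real_escape_string()` is only meaningful inside a quoted string literal, while a prepared statement keeps values out of the SQL text entirely. The following is an added example, not code from the original post or site: the profile-status update written both ways. The table and column names (`users`, `status`, `id`) and the `$connection` mysqli handle are assumptions for illustration.

```php
<?php
// Added example (not from the original post). Assumes $connection is an open
// mysqli handle and a table users(id INT, status VARCHAR) exists.
declare(strict_types=1);

// BEFORE: filter-then-concatenate, as the page's sanitize functions are used.
// real_escape_string() protects $status only because it sits between quotes;
// $userId is interpolated unquoted, so escaping gives it no protection at all.
function updateStatusConcat(mysqli $connection, string $status, string $userId): bool
{
    $status = $connection->real_escape_string($status);
    $sql = "UPDATE users SET status = '$status' WHERE id = $userId";
    return $connection->query($sql) !== false;
}

// AFTER: a prepared statement. The SQL text is fixed; values are bound
// separately with explicit types ('s' string, 'i' integer), so no input
// filter is needed for injection safety and no quoting context matters.
function updateStatusPrepared(mysqli $connection, string $status, int $userId): bool
{
    $stmt = $connection->prepare('UPDATE users SET status = ? WHERE id = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $connection->error);
    }
    $stmt->bind_param('si', $status, $userId);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// The htmlentities()/strip_tags() steps in sanitizeStr() are output concerns:
// store the raw value and encode it where it is rendered into HTML instead.
function renderStatus(string $status): string
{
    return htmlspecialchars($status, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
```

Note that `real_escape_string()` also depends on the connection charset having been set with `$connection->set_charset()`; binding parameters removes that dependency as well.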