Commit
Migrate all mysql to mysqli for apply patch wyth mysqli_real_escape_string
@@ -17,5 +17,5 @@ | |
*/ | ||
|
||
|
||
mysql_close($link) or die('Impossible de se déconnecter : ' . mysql_error()); | ||
$link->close(); | ||
?> |
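Review bot: The new `$link->close();` discards the return value, so a failed close is now silent where the removed line died on it; that is acceptable at the end of a script, but if the failure should still be visible, log it server-side with `if (!$link->close()) { error_log('mysqli close failed: ' . $link->error); }` rather than reinstating a `die` that echoed the driver error to the client. The trailing `?>` on the last context line is unnecessary if this file contains only PHP, and any whitespace after it is sent to the client; dropping it is the usual convention. This is a flat top-level script, so there is no enclosing function to check.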
@@ -20,7 +20,7 @@ | |
|
||
if(isset($_GET["domain"])) | ||
{ | ||
$domain = mysqli_real_escape_string($_GET["domain"]); | ||
$domain = mysqli_real_escape_string($link, $_GET["domain"]); | ||
|
||
} | ||
else | ||
|
@@ -37,9 +37,10 @@ | |
echo "</tr>"; | ||
echo "</thead>"; | ||
echo "<tbody>"; | ||
$query="SELECT * FROM url_referer WHERE referer_domains='".$domain."'GROUP BY url_domains, referer_domains"; | ||
$result = mysql_query($query) or die ("Echec de la requête : ".$query." ". mysql_error()); | ||
while ($line = mysql_fetch_assoc($result)) | ||
$query=$link->prepare("SELECT * FROM url_referer WHERE referer_domains='".$domain."'GROUP BY url_domains, referer_domains"); | ||
LaboCNIL
Collaborator
|
||
$query->execute(); | ||
$result = $query->get_result(); | ||
while ($line = $result->fetch_assoc()) | ||
{ | ||
echo "<tr>"; | ||
if ($line["is_cookie"] == 1) | ||
|
@@ -50,9 +51,10 @@ | |
} | ||
echo "</tr>"; | ||
} | ||
$query="SELECT * FROM url_referer WHERE url_domains='".$domain."'GROUP BY url_domains, referer_domains"; | ||
$result = mysql_query($query) or die ("Echec de la requête : ".$query." ". mysql_error()); | ||
while ($line = mysql_fetch_assoc($result)) | ||
$query=$link->prepare("SELECT * FROM url_referer WHERE url_domains='".$domain."'GROUP BY url_domains, referer_domains"); | ||
$query->execute(); | ||
$result = $query->get_result(); | ||
while ($line = $result->fetch_assoc()) | ||
{ | ||
echo "<tr>"; | ||
if ($line["is_cookie"] == 1) | ||
|
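Review bot: `$link->prepare(...)` at the top of this hunk returns `false` when the statement cannot be compiled, and the next line calls `->execute()` on that result unchecked, so the `or die` error path of the removed line has become a fatal method call on `false`; add `if ($query === false) { error_log('prepare failed: ' . $link->error); exit; }` after the `prepare()` call, logging server-side rather than echoing `$link->error` or the SQL text to the client as the removed `die(...)` did, and apply the same check to the identical `prepare()` in the previous hunk. `get_result()` is only provided by the mysqlnd driver, so on a PHP build linked against libmysqlclient this loop breaks; `bind_result()`/`fetch()` is the portable alternative if that deployment matters. The escaping that now protects `$domain` (done with `mysqli_real_escape_string($link, ...)` in the earlier hunk) is only correct when the connection charset has been set through `$link->set_charset()`; that call is not visible in this diff, so confirm it exists where `$link` is created. The surrounding script body continues outside the hunk.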
3 comments
on commit 4978326
Ok, will change that in the next version. Thanks again for your help.
@LaboCNIL for information, all reproduction steps are available on this page http://seclists.org/fulldisclosure/2014/Nov/3. Also, you can have a look at a tool named "The Mole" which can scan a website for SQL injection vulnerabilities (see http://themole.sourceforge.net/?q=tutorial). Of course, this tool should only be used on a website you own and is not intended to attack someone else's website.
Yes, I tried to reproduce it from the information described on seclists.org. With the last patch, those bugs seem to be fixed!
bind_param
method should be used instead of inlining values. See http://php.net/manual/en/mysqli.prepare.php#refsect1-mysqli.prepare-examples and http://mattbango.com/notebook/code/prepared-statements-in-php-and-mysqli/. And then, mysqli_real_escape_string
could be skipped (not 100% sure about that though).