Jump to content
xisto Community

ryanlund2323

Members
  • Content Count

    2
  • Joined

  • Last visited

Everything posted by ryanlund2323

  1. server side every day. client side bores the hell out of me
  2. just checked the MySQL hack in a script that i just created.....for some reason it doesnt actually work. my script does what it was designed to do and block entry but i cant understand why...here is a very simplified version of the script......if -- did kill the rest of the query it should technically be able to hack this script but it doesnt seem to workryan<?PHP$user=$_POST['user'];$pass=$_POST['pass'];if(!$user||!$pass){......error message}else{$db=mysql_connect('*******','******','****');$sel=mysql_select_db("*****");$enc=md5($pass);$query="SELECT * FROM `users` WHERE `user` = '$user' && `pass` = '$enc'";$do_query=mysql_query($query);$num=@mysql_num_rows($do_query);if($num!="1"){.......login fail}else{session_start();$_SESSION["user"]=$user;header("Location: test.php");}}?>***************EDIT*********************$querya="SELECT * FROM `users` WHERE `user` = '$user'";$do_querya=mysql_query($querya);$numa=@mysql_num_rows($do_query);if($numa!="1"){.....no user}else{$query="SELECT * FROM `users` WHERE `user` = '$user' && `pass` = '$enc'";$do_query=mysql_query($query);$num=@mysql_num_rows($do_query);if($num!="1"){.....password wrong}else{session_start();$_SESSION["user"]=$user;header("Location: test.php");}}this would fix that particular hack even if the user input wasnt checked if im not mistaken
×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.