
#4 possible sql injection vulnerability

Status: open
Owner: nobody
Labels: None
Priority: 5
Updated: 2008-07-14
Created: 2008-07-14
Creator: Anonymous
Private: No

line 29 of hit.php reads:

phpcounter($_GET["name"]);

function phpcounter() in inc.php reads:

function phpcounter($name)
{
global $Referer, $LocalPage;

$rs = mysql_query("select * from phpcounters where name='$name'");
...

replace line 29 of hit.php with:

phpcounter(preg_replace('/[^\w]+/','',$_GET["name"])); // filter input

This filters out any characters besides a-zA-Z0-9_ (word characters, "\w").
You can adjust the regular expression to your liking, but always deny the ' ` " characters.
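The following is an added example written for this page; it is not code from phpcounter or from the reporter. It re-creates the vulnerable query pattern from inc.php in Python against an in-memory SQLite table (the table name `phpcounters` and the `name` column come from the report; the `hits` column and the three sample rows are constructed) so the three outcomes can be compared: the unescaped query, the reporter's `[^\w]+` whitelist filter, and a bound parameter. `re.ASCII` is used so that `\w` means `[A-Za-z0-9_]`, as it does in PCRE without the `/u` modifier.

```python
import re
import sqlite3


def make_db():
    """Constructed stand-in for the phpcounters table (schema is an assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE phpcounters (name TEXT, hits INTEGER)")
    conn.executemany(
        "INSERT INTO phpcounters VALUES (?, ?)",
        [("home", 120), ("about", 7), ("secret", 1)],
    )
    conn.commit()
    return conn


def vulnerable_query(conn, name):
    """Same shape as the query in inc.php: the value is spliced inside single
    quotes with no escaping, so a quote in `name` becomes SQL syntax."""
    sql = "select * from phpcounters where name='%s'" % name
    return [row[0] for row in conn.execute(sql)]


def filter_name(name):
    """Python equivalent of preg_replace('/[^\\w]+/', '', $_GET["name"]).
    Everything outside A-Z a-z 0-9 _ is dropped, so quotes can never reach SQL."""
    return re.sub(r"[^\w]+", "", name, flags=re.ASCII)


def filtered_query(conn, name):
    """The reporter's suggested fix: whitelist the input, then run the same query."""
    return vulnerable_query(conn, filter_name(name))


def parameterized_query(conn, name):
    """Bound parameter: the driver sends the value separately from the statement,
    so the input is matched literally and cannot alter the query structure."""
    rows = conn.execute("select * from phpcounters where name=?", (name,))
    return [row[0] for row in rows]


# Constructed injection string: closes the quoted literal and appends a
# condition that is always true, turning a one-row lookup into a full dump.
PAYLOAD = "home' or '1'='1"


def demo(name=PAYLOAD):
    conn = make_db()
    return {
        "vulnerable": vulnerable_query(conn, name),
        "filtered": filtered_query(conn, name),
        "parameterized": parameterized_query(conn, name),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print("%-13s -> %s" % (label, rows))
```

With the payload, the unescaped query returns every counter name; the filtered query looks up the mangled name `homeor11` and returns nothing; the parameterized query looks for a counter literally named `home' or '1'='1` and also returns nothing. The whitelist is a sound fix for this one parameter because a counter name has no legitimate need for punctuation, but a bound parameter (a prepared statement via PDO or mysqli in PHP) removes the class of bug for every value, including ones that must contain quotes.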
