Forum Moderators: coopster
Which script should I type in a text field/textarea or even a login textbox in order to make sure that the MySQL database is protected against SQL attacks? Is it possible to attack a MySQL database online when you don't know the connection parameters, the names of databases and tables, and the form password?
Thanks
Is it possible to attack a MySQL database online when you don't know the connection parameters, the names of databases and tables, and the form password?
Yes.
You do the connection and table selection for them. What is done is your queries are appended by an unfiltered string. So if you have "select * from table where q='1234'" they don't need to know anything, except how to change it to "select * from table where q=1234 and 1=1". This oversimplified example will display all results in the table because 1 will always equal 1.
I'm by no means an "expert" in this area but have managed to pass PCI compliance scans. It really is a bit more complicated than a one-off answer. A good place to start, though, is if any input data is echoed back to the page unfiltered, you have a potential security hole.
So if you have a search form with the name "q" and you do stuff like this,
echo $_POST['q'];
It's vulnerable.
Consider also that these kinds of attacks never even visit the form. They don't need to; it's generally done via a direct command-line POST/GET.
Here is one simple XSS method. Request this on your site, changing "q" for some named element in any of your forms:
...yoursite.com/yourscript.php?q=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E
All it will do is give a simple JavaScript alert, "123." But if it does, your programming is vulnerable to XSS.
A simple mysql injection, using or 1=1:
...yoursite.com/yourscript.php?q=3273%20OR%201=1
where "3273" is a valid record resource in your database.
This may not work, as this site may render some of the encoded characters.
These are easily thwarted on their own, but it's a little more complex than just the samples here.
The basic principles are that you should consider all input to your application as potentially dangerous, and you must check it.
"Check it" means: check that it is the type of data you were expecting, e.g. an alphanumeric string of up to 50 characters; whitelist what is allowed rather than blacklist what isn't (because you might forget something with the blacklist method); and do not clean incorrect data, reject it.