When I try to log in to the administration page of the site with ' OR 1=1 -- in both the login and the password fields, it grants access!
I'm trying to use the following function, but I still get access without permission:
function protect( &$str ) {
    if( !is_array( $str ) ) {
        // strips a blacklist of SQL keywords from the value
        $str = preg_replace( '/(from|select|insert|delete|where|drop|union|order|update|database)/i', '', $str );
        // strips literal or entity-encoded <script> tags
        $str = preg_replace( '/(<|&lt;)?script(\/?(>|&gt;(.*))?)/i', '', $str );
        $tbl = get_html_translation_table( HTML_ENTITIES );
        $tbl = array_flip( $tbl );
        $str = addslashes( $str );
        $str = strip_tags( $str );
        return strtr( $str, $tbl );
    } else {
        return array_filter( $str, "protect" );
    }
}
On the login check screen, you have the following code:
session_start();
$login = protect($_SESSION['login']);
$senha = protect($_SESSION['senha']);
Could someone give me a hand? How do I block this kind of access?
Suggestion: delete this crazy function as soon as possible. About every other one of these that shows up here on the site was taken from a blog where the author himself said he did not know what he was doing (and was deservedly torn apart in the comments). Besides serving no useful purpose, it generates a lot of undesirable side effects. The original misfortune was called anti_injection, if I'm not mistaken. When you have 10,000 reputation points you will be able to see some versions that have already been deleted from the site.
– Bacco
Thank you, Bacco! I'll look at the post that was tagged!!!
– Felipe
I took the main ones I remembered as a reference, but do a search on the related links that appear next to each post. The important thing is to learn how to escape strings with the native functions and to always handle the data coming from the client side. There are several posts on the site dealing with injection and also with password security.
– Bacco
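A login check that actually stops the ' OR 1=1 -- input, as an added example that is not the code from the question or from the comments: it replaces the string-stripping function with PDO prepared statements (the native escaping the comment refers to) and keeps only a password hash. The table and column names and the in-memory SQLite database are assumptions made for the demonstration.

```php
<?php
// Added example (not the code from the question or the comments).
// Assumptions: an in-memory SQLite database and two constructed tables.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// "Before": plaintext passwords and a query built by string concatenation.
$pdo->exec('CREATE TABLE usuarios_legado (login TEXT, senha TEXT)');
$pdo->exec("INSERT INTO usuarios_legado VALUES ('admin', 's3nh4-forte')");

// "After": only a password hash is stored, and it is queried through placeholders.
$pdo->exec('CREATE TABLE usuarios (login TEXT PRIMARY KEY, senha_hash TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO usuarios (login, senha_hash) VALUES (:login, :hash)');
$ins->execute([':login' => 'admin', ':hash' => password_hash('s3nh4-forte', PASSWORD_DEFAULT)]);

// VULNERABLE: the quote in the input closes the string literal and "--"
// comments out the rest of the WHERE clause, so the row matches on "1=1".
function loginVulneravel(PDO $pdo, string $login, string $senha): bool
{
    $sql = "SELECT login FROM usuarios_legado WHERE login = '$login' AND senha = '$senha'";
    return $pdo->query($sql)->fetch() !== false;
}

// HARDENED: the placeholder keeps the input as data (it never becomes SQL),
// and the password is checked with password_verify() outside the query.
function loginSeguro(PDO $pdo, string $login, string $senha): bool
{
    $stmt = $pdo->prepare('SELECT senha_hash FROM usuarios WHERE login = :login');
    $stmt->execute([':login' => $login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($senha, $row['senha_hash']);
}

$payload = "' OR 1=1 -- ";
var_dump(loginVulneravel($pdo, $payload, $payload)); // payload in both fields: the concatenated query lets it through
var_dump(loginSeguro($pdo, $payload, $payload));     // same payload against the prepared statement: no row, rejected
var_dump(loginSeguro($pdo, 'admin', 's3nh4-forte')); // real credentials still work
```

In a real login page the two values would come from the submitted form data; the check itself stays the same.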
This one is good for understanding how it happens: https://answall.com/questions/100729/howto happen a-sql-injection?rSearchResults&s=1|92.4600
– Bacco