The website has a problem and a vulnerability exists. I came here today to ask the CSDN team to help solve it.

Source: Internet
Author: User
The website has problems and there are vulnerabilities; today I came here to ask the CSDN brothers to help me solve them. I built a health care products site, http://www.bjp51.net, and these two days it has had a small problem. Scanning it with 360 gives "high risk" and only 49 points; the report is as follows:



The first one is a very serious problem, and it is the one I want to solve today.
Let's take a look at 360's remarks on it.


I don't know how to change it. I hope you can help me solve it.



Reply to discussion (solution)

This is the source code of the contrast.php file.

<?php
// (fragment: the if-condition that precedes this block was lost in extraction)
    echo "<script>alert('Operation failed! Select at least one item.'); window.opener = null; window.open('', '_self'); window.close();</script>";
    exit;
}
$tdwidth = floor(90 / $i); // round down; 10% on the left
$sql = "select * from zzcms_main where id in ($id)";
$rs  = mysql_query($sql);
?>

Row labels of the comparison table in the template (the link href and image src were lost in extraction):
[Product image]  <a href="..." target="_blank"><img src="..." alt="" border="0"></a>
[Product name]
[Main functions]
[Specification packaging]
China Merchants region
Product Description
Available support
Requirements for agents
Remarks

$id = '';
if (!empty($_POST['id'])) {
    for ($i = 0; $i < count($_POST['id']); $i++) { // loop bound lost in extraction; reconstructed as the length of the posted array
        $id = $id . ($_POST['id'][$i] . ',');
    }
    $id = substr($id, 0, strlen($id) - 1); // remove the last ","
}
$sql = "select * from zzcms_main where id in ($id)";

It means that you use the submitted data in the SQL statement without checking it.




I'm a PHP newbie. How do I verify it? How do I check it?

Also, if I don't check it, is it easy to inject?

$id = $id . (intval($_POST['id'][$i]) . ',');

The principle of SQL injection is injecting data through the address bar or a form.

If you take $_GET["a"] from the address bar and use it directly in the program without filtering, it poses a threat. For example:

If $_GET["a"] = 1, then:
$sql = "SELECT * FROM aa WHERE id = {$_GET['a']}"; that is, $sql = "SELECT * FROM aa WHERE id = 1";
However, if someone else modifies the value of $_GET["a"] to 1 or (and) xxx, the query statement becomes

$sql = "SELECT * FROM aa WHERE id = 1 or (and) xxx";

That is how the injection happens.

Therefore, the parameters from the address bar and form must be formatted and filtered to restrict their type, length, and characters ......

$sql = "select * from zzcms_main where id in ($id)";
$id here is taken straight from what was posted, so that is where it was injected.

Because id can only be a number, you can use intval to convert it to an integer; if it is not a number it becomes 0, and the injection fails.

Security level: High risk
The security level beat 46% of websites nationwide!

$id = $id . (intval($_POST['id'][$i]) . ',');

The input data has each single quote replaced with two consecutive single quotes, and the SQL statement wraps the input parameter in single quotes.
$id = str_replace("'", "''", $_POST['id']);
$sql = "select * from tb_user where id = '$id'";
This way there is no fear of injection.



Thank you. So I replace $id = $id . ($_POST['id'][$i] . ','); with $id = $id . (intval($_POST['id'][$i]) . ',');

That's right.

The above is wrong. I changed it to this:
if (!empty($_POST['id'])) {
    for ($i = 0; $i < count($_POST['id']); $i++) { // loop bound lost in extraction; reconstructed as the length of the posted array
        // $id = $id . ($_POST['id'][$i] . ',');
        $id = $id . (intval($_POST['id'][$i]) . ',');
    }
    $id = substr($id, 0, strlen($id) - 1); // remove the last ","
}

Is that right?

if (!empty($_POST['id'])) {
    $id = join(',', array_map('intval', $_POST['id']));
}
You'd better change $id to another name.

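To make the difference concrete, here is an added example (not the thread's own code) that puts the original contrast.php concatenation beside the array_map('intval') fix from the replies above and runs both on a constructed list of posted ids; the function names are my own, the SQL text and table name are the ones from the thread.

```php
<?php
// Added example, not the thread's own code. Function names are assumed;
// the SQL text and table name are the ones from contrast.php in the thread.

// Vulnerable builder: posted ids are concatenated into the query unchanged,
// exactly as the original loop in contrast.php does.
function build_in_clause_unsafe(array $postedIds): string
{
    $id = '';
    foreach ($postedIds as $value) {
        $id = $id . ($value . ',');
    }
    $id = substr($id, 0, strlen($id) - 1); // remove the last ","
    return "select * from zzcms_main where id in ($id)";
}

// Fixed builder from the replies: every element is forced to an integer, so
// the IN list can only ever contain numbers and the query shape cannot change.
// An empty list would produce "in ()", which is invalid SQL, so it is rejected
// here instead of being handed to mysql_query.
function build_in_clause_safe(array $postedIds): ?string
{
    if (empty($postedIds)) {
        return null;
    }
    $id = join(',', array_map('intval', $postedIds));
    return "select * from zzcms_main where id in ($id)";
}

// Constructed input: a normal id, an element carrying extra SQL text, and a
// non-numeric element. intval() keeps only the leading digits of each one.
$posted = ['12', '7) or (1=1', 'abc'];

echo build_in_clause_unsafe($posted), PHP_EOL;
echo build_in_clause_safe($posted), PHP_EOL;
var_dump(build_in_clause_safe([]));
```

With this input the unsafe builder emits `where id in (12,7) or (1=1,abc)`, while the safe one emits `where id in (12,7,0)`; the stray 0 matches no row, which is the "injection fails" case the reply describes.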


I am not familiar with PHP, so I will just use this code without renaming the variable.
Thank you for your selfless spirit.
I found that you were solving another problem for me as well. Thank you again!
