Tracking Forums, Newsgroups, Maling Lists
Home Scripts Tutorials Tracker Forums
 
  HOME    TRACKER    PHP




Avatar Script Insertion Vulnerability (Security)


Looking at http://secunia.com/advisories/17295/ , it seems possible to embed javascript in images in a special way.

So, if a user provides an avatar or an image url like this pointing to an external site, they will be able to hack accounts.

Do you know how this can be avoided? And/or, how sites like vbulletin/phpbb/smf type of applications protect users from this?




View Complete Forum Thread with Replies
See Related Forum Messages: Follow the Links Below to View Complete Thread
PHP Security Vulnerability
im looking for some information about the way I have a website setup. So basically, to avoid multiple files and multiple folders etc, I have decided to take advantage of PHP and simplify it all. So lets say I have on my website, 4 main categories/pages if you will. Those pages are:

Books
Music
Video

Now, under those categories I have sub pages, for example, under books, I would have pages which list Comedy books, Horror books, and romance novels. So instead of having multiple pages and folders like this: Code:
Avatar Display Script
PHP Code:
Vulnerability ?
Sorry for the long intro but I think I should mention this first:
My site is driven by Smarty, a php based framework.
One of the features of Smarty is that after dynamically building a page,
it can be cached and re-used always after it has been compiled once.
One day a found a file *.txt? on my webspace and go very worried ...
Is There A Vulnerability?
header("Content-type: image/jpg");

If I have a PHP script that sets the content-type as above can the header be altered by the user to change the content-type?
Using If/else Statments To Fetch Avatar From Mysql Db
i want to fetch a value from my user database table for the current logged in user. Then using the conditions, if $X equals 0 echo the default avatar location, else get the location from avatar_loc field and echo the avatar. Code:
SQL Insertion Problem
I am have a little problem with inserting some info into my database. What I would like to do is be able to select the last row of my database because my data is sorted by database the most recent date will be at the bottom of my database.

This script is being used for uploading files and when the user uploads files the date is stored with it thats why the date is the most recent at the bottom.

Anyways I understand that mysql_num_rows($var); will tell me how many rows of data are in my database. I have tried a million times to use a for loop to get the last row of data.

There has to be some way to just extract the last row of data from my database I just dont know how.
Date Insertion ?
I am inserting date in a table as following....is it the correct way ?

$dt = getdate();
$day = $dt['mday'];
$month = $dt['mon'];
$year = $dt['year'];
$dt = $year."-".$month."-".$day;

$query = "insert into Articles(PostedDate) values('".$dt."')";
$result = mysql_query($query,$con);
Stripping Chars Before SQl Insertion
I have a form with an input box that the user puts in a dollar amount. I dont want them to put a dollar sign or anything else apart from the currency amount (1.00, 1,658 etc). How would I achieve this?
Problem With Ip Address Insertion
This problem is manifesting it self outside PHP at the level of directly typing commands into the MYSQL application itself. Obviously it is going to have the same effect inside PHP. I need escape characters or something but nothing I have tried works.

typing the command
INSERT INTO table(ip,commentfield)VALUES ("111.222.333", 'old spammer');

results in only the characters 111 appearing in the ip field . It is defined as a char 16 field.
Multiple Insertion Querry
I have an array of data in PHP. I would like to insert each member of the
array into it's own row in SQL. The array is of variable length, so it
would have to be dynamic code. How would I go about this? Would I stick
the SQL querry generation and actual querry into a while loop? This would
generate a lot of traffic between the SQL server and the PHP script.

The arrays are each over 1000 members long, however, this is an rare admin
script that will be run roughly 4 times a year, so I guess it isn't that
bad. If possible however, I would like to do it in one querry. Is that
possible? I thought I heard somewhere that it's impossible to run more
that one querry at once through PHP as a failsafe for users sticking bad
data into forms. (ie, you cant do: "querry1; querry2;", you have to do
"querry1;" querry it, then do "querry2;"
Insertion Of Data Not In Order
I have a slight problem with inserting data into MySQL tables with PHP. So far, everything that is entered into my form does get inserted correctly, meaning all data is added successfully to their respective columns. However, sometimes when I insert another set of data, it appears on top of the preceding data. The first column in my table is called 'employid', it set to auto_increment and primary. Code:
Stripping Chars Before SQl Insertion
I have a form with an input box that the user puts in a dollar amount. I dont want them to put a dollar sign or anything else apart from the currency amount (1.00, 1,658 etc)
How would I achieve this?
String Insertion And Extraction
is there a function to replace  a section af a string with another regardless of the values and to do the reverse i.e.

$srt1 = "ABCDEFGHIJKLM")
$str2 = "XY

// insert $str2 in to $str1 [3] and [4]
$srt1 = "ABCXYFGHIJKLM")
AND
$str = $str1 positions [7] and [8]
$str = "HI";

I want to do some incripion on text. OR will I have to create something?
After Mysql Insertion Another Row Is Added
on the site i am developing i have noticed after a database insertion is made, mysql insert another row (but only the id increments by 1)

if i insert:

id---name---age---country
1 ---Graham---28---Scotland

right after this will be:

2 ---blank---blank---blank

i checked the inserts carefully it all seems fine, then tried LIMIT 1, with the INSERT INTO but that didn't work, any ideas on what this could be?
Getting Primary Key Value Of Last Database Insertion
I have a very simple issue.  I have a bunch of data I'm inserting into a database to create an article.  When complete, I want to redirect to the article, but I need the node_id.  It just so happens that the node_id is the Primary key and is automatically generated by mySQL at insertion time.  Is there an easy way to get the value of the Primary key for the most recent insertion?
Mysql Data Insertion
I am using this script to load a file into the webserver, and store the path in the database. That is working fine. However, when I try to upload other information from the same field I keep getting the field name in the data. Code:
Image Upload & MySQL Insertion
I am having a bit of trouble getting my script to work. I am trying to get a file (image) to be uploaded to a specified path and insert the file name, a timestamp, and id into my MySQL database to later pull the files that I uploaded out from the DB and display them on a page. Could someone tell me what I am doing wrong? It displays the image upload form, just as I want it to, but if you submit the form, it just takes you back to it and does nothing. It doesn't give any errors, upload the file, nor does it insert anything into the DB.
Stop Sql Insertion On Every Page Refresh
The page has a form which basically take in a file name, and and upload button does the uploading.

the php code at the top of the page takes the file name and insert the name into a database.

the problem is: everytime the user presses the refresh button, a new entry is inserted into the database.
Two-Dimensional Array Insertion And Print
1. return results from an Oracle query into an array. there are 3 fields and approx. 2,000 records.

2. insert the results into an array of some type, inside of a loop, obviously.

3. print the results so i can verify the query is working.

PHP Code:
Code Insertion + Escape Chars
I'm updating my scripts a bit, and I was wondering how I could insert data in a textarea just by clicking a button. For instance add a Url or a smily ... (just like in these forums when posting)

An other question, how do I make sure I don't need to use a to get a ' For instance if I want to add content containing a " ' " I need to write "hello I'm ..."
Image Insertion And Retrievel Using Mysql
I've managed to get images inserted in mysql and can pull them out for display, but for some reason it looks as if the bottom 4th of the jpg photos do not show. Is there a space limitation for blobs?
Preparing Text For Insertion Into Database
I insert text into a MySQL Database using a TEXT field. PHP syntax is:

$query = "INSERT INTO data (text_field) VALUES('$text_field')";

The problem is, when the user has an apostroph (like "friggin' cool") in the text, MySQL misinterprets it, and the query is invalid. Is there a PHP function that formats the that input so it can be entered into the database?
Drag And Drop Insertion In MySql
I'm developing a site in PHP/MySql that requires Ajax for this feature
: The user read an article and if ever he likes it he can drag it and
drop it into his "basket". Then when he'll consult its account he'll
found that article.
Form Calculation Before Database Insertion
My problem is that i want to make a form where will be made calculations and after the calculation are made, the user should press submit and then, all the values from the form should be inseted into a database.

My code is writen under these lines, but all I want to do is the value code to be calculated from Nume and Prenume (for example, if the Nume value is 2 and Prenume value is 3, in the form the value of code should be 5. Code=Nume+Prenume, but i don't know how to write to make the calculation in real time. Code:
Drop Down Menus And Mysql Insertion
I'm looking to create drop down boxes for a user to select the date and then have it insert what they select for month, day, year, hour, minutes and insert it into mysql. It needs to be organized in a timestamp like so: 2007-02-28 21:06:40

I've created the drop down boxes and it works pretty well: Code:
Today's Date In Database Insertion
How do I insert today's date in a certain database row without using the date() function for a string?  For example, when you use PHPMyAdmin to insert a new table row and there's a column with the type "date", it gives you options such as CURDATE, NOW, etc.  How would I use that in a database query?
Insertion Of Data Into MySQL Tables By Date?
My assumption is that when you insert data into a MySQL table, the latest data is put on the bottom, and is thus the farthest from the beginning of any search you'd initiate. I assume the search starts at the top-most row (oldest) and works it's way down.

Since I'd like to search the latest data, and pull only about 10 rows of data, the most efficient manner would be to have the tables structured such that the newest content was always on top (a date-wise descendent structure).

There must be a way to create a table such that any insertion would be put on top. I know I can ORDER BY date when doing a SELECT command, but that would entail searching the entire data set; isn't there a way to define the table ahead of time such that a date/time column is always ranked in descending order?
Preventing Multiple Data Insertion On Page Reload
I am developing a PHP-mysql database. It is noted that when the
browser window is refreshed the data is inserted again in the
database. unfortunately there is no unique keys that I can use to
verify the existance of the data, so as to prevent the multiple
insertion. Is there any other way to prevent it otherthan introducing
another field for this purpose and verifying its existance?
Generate An Html Form, To Be Submitted For Insertion To A 3rd Table
1. display a form consisting of radio buttons and check boxes. multiple selection of check boxes per radio button basically.

I got this part done, it displays the data in the form which is being pulled from two separate tables.

2. Insert for each check box a record into a third table of the check box and radio button.

this is what i have thus far and I'm not really sure why it's not working from what i can see step by step it should be inserting the records, these arrays are the most terrible thing i can think of having to do. Code:
Complicated Email Parse Or Text Extraction And Database Insertion
I am trying to strip some data out of numerous emails and place it in
my database. I know that this seems as if it has been done before.
But, this is a little different. First, the numerous emails all have a
set of data that needs to be extracted and inserted into the database.
Some of the data in the email is id, name, address, city, state, zip,
company, etc. The catch is that the date is formated and presented
differently in each email. Take into consideration the following email
examples:

- excert from email #1
ID:.............. 12345
Name:............ JOHN DOE
Address:......... PO BOX 9999
City:............ Somecity
State:........... CA
Zip Code:........ 90210 ....
Security
Do you know where can I find something about security? it means encription and all that? can I do it with PHP?
PHP And Security??
I am very new with php and web content in general, and my concern is with my novice ability leaving huge secuirty holes for any joker to have there way with.

Here is my current thought.

If I have a php script in a public html fodler named index.php3 how secure is this if at all.

Say I have a line like:
MySql_pconnect("host","account","passowrd");

How easy is it for people to get the host,account,password.
Security
For security reasons I want to know more about (1)where session store its info and (2)what "single sign on" is. Does anybody know any articles about these subjects, or does anyone know the answers to these 2 questions?
PDF Security
This is where the security problem is POSTED

Is there anything we could server side?

In the meanwhile I am turning off on each client's domain the user PDF uploading capability (where it is allowed) and restrict to the domain admin side that capability.
Security
I have some weak points in security side /php/ !!!so
I want to IMPROVE my skils in php security . !!!! , pleeeeez if you
have any resrces or any for example ebook
PHP Security
Well I am trying to secure my PHP site a bit better and I wanted to ask a few peoples oppinions on security. I have read the PHP Manual security page and a few tutorials for securing my site a bit better.

What I wanted some oppinions on was the Address that is displayed in the browser....
http://www.***********.com/itemdetails.php?products_id=11

I was curious if there is any way I can hide that so maybe it says http://www.********/<itemname>/. Is there a way in PHP I can fake the address bar at the top? Or, is this even the most effective way. Is there a better way of doing something with the address bar so it doesnt reveal so much information about my website layout.
Security
does anyone know how i could send information eg credit card details to my database which is mysql. i know this isnt the most secure database as it is connected via the internet but that doesnt matter to me. any example code would be of great help to me. i will be using drop down menus and forms.
Security In Php
I'm doing ok for a newbie in php, but i just have a few questions as far as security goes. i am actually a java programmer, so from my experience with an object oriented language i would like to use encapsulation and other methods used in java with php for example i would like to make a php page that handles my database connection and has a whole lot of functions that i can call as i need them instead of re-coding the connection each time. i know that i can use 'require('****.php')' and 'include('xxx.php')' to get access to the code in xxx.php but can i extend and override the functions in xxx.php and is it safe to connect to a database in this way?

i also wanted to know if it more secure to put a php script in the same web page or to make a page that contains the script and another html page that uses a form to goto the the php page? and finally i just want to know if anyone knows of any good reading material on the topic of intergrating java with php (except the php manual) ....
PHP Security
I'm working on developing an application in PHP4/MySQL and I've got very little experience with either. Most of my work is in ASP/Access and compiled programs. The app that I'm developing doesn't need to be perfectly secure, but I want to avoid common pitfalls, and I have no idea where to start.

From your experience, what are some common security pitfalls that are inherent in the language? I shouldn't have any trouble with program logic being an issue, just stuff that may be PHP specific. (Like the User being able to put anything that they'd like in the QueryString and having that show up as a variable in the script).
PHP Security
I am developing an online application and the last thing I need to get
a handle on is security.
This app is very heavy with forms. Business critical data will be
entered via forms and inserted in to a database (mysql).

I've google "php security" and from what I've read, I should:

1) Filter all form data by stripping all non-alpha/numeric characters
out,

2) Have the database on a different server,

3) Use "POST" not "GET",

4) Turn global variables off.

5) Use sessions for logins

Should this do it? Or do I need more precautions?
Even with all this can I still get hacked?
Security
What is more secure ?

Encrypt data using php functions before send it to database (mysql), or
Encrypt directly on database, using encryption functions of database
server ?

Ex:

$key = "this is a secret key";
$input = "Let us meet at 9 o'clock at the secret place.";
---
$encrypted_data = mcrypt_ecb (MCRYPT_AES, $key, $input,
MCRYPT_ENCRYPT);
or
$query = "insert into myTable (text)
values(AES_ENCRYPT('".$input."','".$key."'))";

I think encrypt data directly with php is better because the
information is sent directly encrypted to database server, but i not
sure.


Security
Im trying to create a forum on my website. I use PHP and store the
messages in a mySQL dataqbase. Messages can be entered in a textarea.
What should i do to prevent that user enter code (javascript or php or
mysql or ...) that can be executed when i show a message with html? Is
it enough to use htmlspecialchar()?
Any tips?


PHP Security
I am fairly new to the php scene but have managed to learn quite a bit from you folks and other resources on the web. I have developed a few scripts that actually work. LOL.

I ran across a post on here mentioning Chris Shiflett and took a trip over to his site. He has some intriguing articles on the security of php scripts. However, he doesn't get into much detail as it would seem he writes for a more advanced crowd.

Anyway, what I am looking for now is more information on securing these scripts. Know a good book? Maybe a good website? By all means, let me know!
Security
I read up and created my first script yesterday. It goes to a MYSQL server and runs a series of queries on multiple tables to create a field of keywords for a web application we run. It works great. However, the script includes the username and password to log into our database. What do I need to do to make this secure? It needs to be run a couple times per day.

If I put persmissions at 400, 600 or 700, (as I have read some suggest) it will not run from a web browser. If I put it at 751 or 755 it will run, but I don't know if I am opening myself up for problems. If I keep it at say 400, 600 or 700, how do I run the script?
PHP Security
I have been developing a 2d browser based game with PHP and MySQL. It is not finished yet but it is close.  I was hoping someone experienced in PHP could help me make it as secure as possible.  I am good with PHP however I don't have very good knowledge with PHP security.
PHP Security
i am aware of sql injection but I'm lock of knowledge on how to prevent this by increasing the security of the php code. i don't know where and when exactly to use the regular expression, trim, strpos, strsub, urlencode, urldecode functions, etc. because i am a beginner programmer. do i need to use the stripslashes to all input? For example i have a login form with user id and password, i want to know what and how to filter the input before i insert or select into sql? and for the registration form input filtering, is it the same as the login form filtering? please explain to me  on how to prevent the sql injection.
Php Security
I just want to know how would php security compare to java security? Its because that me and my officemate are developing a site which would handle confidential documents and we just cant decide on whether we should use php or java. Please do post you opinions regarding this and it would even be better if you could also post links to write-ups about php security.
Security
I've got a employee database that enables a 'narator' to add,delete, or edit very sensitive records. but before  it gets saved to the database it needs to be verified by the 'supervisor'. Is it possible for me to make the buttons on the employee management system that serves as a dummy and just sends the page to the supervisor via email for his authentication and processing.
PHP Security
I just need to know the best way to check security of the pages. When I write log-ins I compare username and password to the mysql database, then create cookies. Then each page starts with an include. The page is a check to confirm that the cookies have been set, then confirm that the username and password are the correct ones with relation to each other.

If this is all good it returns true. Following this there's an if statemtent,

if ($check == "true"){
the site shows,
}
else{
$log_error;
die();
}

Is this secure enough, is there ways round this, or better ways of doing it?
Copyright © 2005-08 www.BigResource.com, All rights reserved