To track down such situations
Posted: Sun Feb 02, 2025 4:08 am
You might think that setting the $is_admin variable to true requires an administrator password, without which it will remain undefined, and if($is_admin) will not be executed. However, the $is_admin variable can be set by calling the script with the argument ?is_admin=1. The site was hacked because the variable was omitted from the request (for example, $is_admin = false was not written at the beginning of the script).
it is worth enabling PHP to display all errors, warnings, and notices using the error_reporting directive. In the example above, a notice about the use of an uninitialized $is_admin variable would be visible in this case. That is why it is so important to write scripts with all PHP diagnostic messages enabled.
SQL injections
SQL injections
Developers and programmers often have to direct mail marketing for personal injury email list think about how to protect a site from being hacked when SQL injection attacks occur. They are aimed at sites that do not have proper separation of SQL queries and the data inserted into them. We will demonstrate what SQL injections look like using an example.
There is a site that is a bulletin board that users post. They are allowed to delete their posts through the interface. The PHP script code looks like this:
In this case, the message_id variable comes from the "Delete" link ($_REQUEST['message_id']), it contains the ID of the entry being deleted (an integer). The user_id variable is stored in the session, and the user ID is written to it upon successful authorization on the site.
Let's say the attacker was able to forge the address of the link to delete and instead of "?message_id=15" sent "?message_id=15 OR 1=1". After substituting this value into the request, it will become like this:
DELETE FROM messages WHERE id=15 OR 1=1 AND user_id=3
It is clear that the data has become an expression, the expression contains a logical "or" (OR), as a result of which the hacker "turns off" the user_id check and can delete other people's records.
Let's give another example - checking the user login and password, which are received in the variables $login and $password:
it is worth enabling PHP to display all errors, warnings, and notices using the error_reporting directive. In the example above, a notice about the use of an uninitialized $is_admin variable would be visible in this case. That is why it is so important to write scripts with all PHP diagnostic messages enabled.
SQL injections
SQL injections
Developers and programmers often have to direct mail marketing for personal injury email list think about how to protect a site from being hacked when SQL injection attacks occur. They are aimed at sites that do not have proper separation of SQL queries and the data inserted into them. We will demonstrate what SQL injections look like using an example.
There is a site that is a bulletin board that users post. They are allowed to delete their posts through the interface. The PHP script code looks like this:
In this case, the message_id variable comes from the "Delete" link ($_REQUEST['message_id']), it contains the ID of the entry being deleted (an integer). The user_id variable is stored in the session, and the user ID is written to it upon successful authorization on the site.
Let's say the attacker was able to forge the address of the link to delete and instead of "?message_id=15" sent "?message_id=15 OR 1=1". After substituting this value into the request, it will become like this:
DELETE FROM messages WHERE id=15 OR 1=1 AND user_id=3
It is clear that the data has become an expression, the expression contains a logical "or" (OR), as a result of which the hacker "turns off" the user_id check and can delete other people's records.
Let's give another example - checking the user login and password, which are received in the variables $login and $password: