Is my website vulnerable?


Post by nomnum on Thu Feb 14, 2013 7:20 pm

I'd like to start off by saying I had no idea where to place this topic, no category seemed to fit it so off-topic seemed the only place for this not to get graveyarded. :?

So I was reading up on how to test if your website is vulnerable, and one SQL injection technique said you can put a ' at the end of the URL and see if it returns an error message. I tried this and I got one:

Error querying db (SELECT * FROM bbk2Schedule WHERE id=2342\'): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1

I decided to continue on with the website to see what someone could potentially do to me.
The next part of the tutorial said as follows:

To find number of columns we use statement ORDER BY (tells database how to order the result) so how to use it? Well just incrementing the number until we get an error.

http://www.xyz.com/news.php?id=5 order by 1/* <-- no error

http://www.xyz.com/news.php?id=5 order by 2/* <-- no error

http://www.xyz.com/news.php?id=5 order by 3/* <-- no error

http://www.xyz.com/news.php?id=5 order by 4/* <-- error (we get message like this Unknown column '4' in 'order clause' or something like that)

that means that it has 3 columns, cause we got an error on 4


When I tried this technique, I got an error on 1 that said:

Error querying db (SELECT * FROM bbk2Schedule WHERE id=2342 order by 1/*): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/*' at line 1.

Long post short: Is my website vulnerable or not???? I'm confused because it has symptoms of vulnerabilities but I myself can't find a way to exploit it (not meaning someone else can't, of course).

Can someone tell me 1. if I'm vulnerable, and 2. how come the technique presented didn't work?


Re: Is my website vulnerable?

Post by 0phidian on Thu Feb 14, 2013 7:32 pm

It sounds like it is vulnerable. If you want to find out just how vulnerable, run sqlmap on it. The techniques did work; getting an error is the point. The errors tell you it is vulnerable and give you info on how you could further exploit it. To prevent this vulnerability, make sure you sanitize your input with something like
mysql_real_escape_string()


and validate the input, by making sure it is a number in the correct range, before running it in a query.
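The range check described in the reply above, combined with a bound parameter and a generic error page, as an added example that is not part of either post. The table name comes from the error message in the thread; the columns, the sample row, the `findSchedule` name and the range bounds are assumptions, and an in-memory SQLite database (needs `pdo_sqlite`) stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not code from the thread. SQLite stands in for MySQL;
// the columns and the sample row are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bbk2Schedule (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO bbk2Schedule (id, title) VALUES (2342, 'constructed row')");

/**
 * Look up one schedule row from the raw ?id= value (hypothetical helper).
 * Returns the row, or null when the value is not an acceptable id.
 */
function findSchedule(PDO $db, string $rawId): ?array
{
    // 1. Validate: the value must parse as an integer in the expected range.
    //    The id sits unquoted in the query, and "2342 order by 1/*" contains
    //    no character an escaping function would change, so this check and
    //    the bound parameter below are what keep it out of the SQL text.
    $id = filter_var($rawId, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 2147483647]]);
    if ($id === false) {
        return null;
    }

    // 2. Bind: the value is sent separately from the statement text.
    $stmt = $db->prepare('SELECT id, title FROM bbk2Schedule WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The two values from the thread, one legitimate id, and two edge cases.
foreach (['2342', "2342'", '2342 order by 1/*', '-5', ''] as $raw) {
    try {
        $row = findSchedule($db, $raw);
        printf("%-22s => %s\n", var_export($raw, true),
            $row ? "row {$row['id']}" : 'rejected or not found');
    } catch (PDOException $e) {
        // 3. Log the detail server-side; do not echo the query or driver
        //    error to the visitor as the site in the thread does.
        error_log('schedule lookup failed: ' . $e->getMessage());
        echo "Something went wrong.\n";
    }
}
```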


