How to Fix Server Status Code: 302 Found by SQL Inject Me Firefox Addon

  • Home
  • Languages
  • PHP
  • How to Fix Server Status Code: 302 Found by SQL Inject Me Firefox Addon

How to fix Server Status Code: 302 Found by SQL Inject Me Firefox Addon

302 is the server's way of saying "I want you to go to [somewhere else]" (in this case login.php).
It is not an error but a perfectly normal response. Especially in your case it makes much more sense (if you ask me) to send the user to a login page after a SQL injection attempt than to let him in.

How to fix Server Status Code: 302 Found by SQL Inject Me Firefox Addon

302 is the server's way of saying "I want you to go to [somewhere else]" (in this case login.php).
It is not an error but a perfectly normal response. Especially in your case it makes much more sense (if you ask me) to send the user to a login page after a SQL injection attempt than to let him in.

cakephp - sql injection test always shows failure

How to fix Server Status Code: 302 Found by SQL Inject Me Firefox Addon

that error shows that the sql injection has been prevented. You don't need Sanitize for SQL injection, but for XSS.

SQL Injection - what else?

This:

    $uid = $_POST['uid'];
    $pass = $_POST['pass'];

Should be:

$uid = mysqli_real_escape_string($db_connect, $_POST['uid']);
$pass = mysqli_real_escape_string($db_connect, $_POST['pass']);

This way the variables become the escaped string else you just don't do anything to them.
And why do you use mysql_* with mysqli_* or pdo?
Using prepared statements is good tough.

UPDATE
You could also add trim() to remove useless spaces and strip_tags() to remove all html tags:

$uid = mysqli_real_escape_string($db_connect, trim(strip_tags($_POST['uid'])));
$pass = mysqli_real_escape_string($db_connect, trim(strip_tags($_POST['pass'])));

so an input like: <b onClick="some javascript injection">Test</b> is this <u>striped</u>? will become: Test is this striped?

How to prevent SQL injection in login page when SQL Server Compact Edition is used as a database

You have to pass the command that has the parameters defined and filled to the SqlCeDataAdapter, you have missed to do that.

change your code to below,

SqlCeConnection sqlcon = new SqlCeConnection();
sqlcon.ConnectionString = @"Data Source=dbLogin.sdf; password =rss900";
string query = "select * from [tblLogin] where username = @user AND password = @pass";
SqlCeCommand myCommand = new SqlCeCommand();
myCommand.Connection = sqlcon;
myCommand.CommandText = query;
myCommand.Parameters.Add("@user", txtUsername.Text);
myCommand.Parameters.Add("@pass", txtPassword.Text);

SqlCeDataAdapter sda = new SqlCeDataAdapter(myCommand);
DataTable dtbl = new DataTable();
sda.Fill(dtbl);
if (dtbl.Rows.Count == 1)
{
    Main objfrmMain = new Main();
    this.Hide();
    objfrmMain.Show();
}
else
{
    MessageBox.Show("Invalid Username or Password", "Access Denied", MessageBoxButtons.OK, MessageBoxIcon.Warning);
}

cannot perform sql injection on a unsecure form

You need to end the quote of the SQL in the posted username. And finish the final quote so its not a syntax error. Easy way is to make it into the 1=1 version in strings. ""="".

So:

" or ""="

I've tried SQL injecting my code which 'technically' should be vulnerable but it wont work

There are multiple ways to break your code; it is not secure. It doesn't have to be possible to execute a DROP statement for your code to be unsafe.

For example, the function SignUp is insecure. If the value of $_POST[email] is ' OR 1=1 --, then the authentication query becomes:

SELECT * FROM admin WHERE email = '' OR 1=1 --

(The -- is a common indicator of an attack; its purpose is to turn whatever follows into a comment.) This query will always return a result, because 1=1 is always true. So, your user will always be authenticated as an admin. This means newUser gets called, the attackers data gets inserted into the admin table, and you just lost control of your site.

MORAL: Always use prepared statements. Never directly insert a value that came from a user, could have come from a user, came from a database, came from an API, etc., directly into your SQL statements. Do not trust anybody (including yourself) when it comes to SQL injection, and use a prepared statement for every parameter or variable, every time.

You should read OWASP's guide to SQL injection issues, their SQL Injection Prevention Cheat Sheet, and their PHP Security Cheat Sheet.


Related Topics

Including PHP Variables in an External Js File

Setting $_Session Doesn't Work on Localhost Using Xampp

Calling a Controller Function in Another Controller in Codeigniter

Can Mongodb and Its Drivers Preserve the Ordering of Document Elements

Un-Encrypting/Re-Encrypting a Coldfusion Encrypted String in PHP

Set Multiple='False' in a Form in a Many to Many Relation Symfony2

Strip_Tags() Function Blacklist Rather Than Whitelist

PHP $String{0} VS. $String[0];

Check If Username Exists in MySQL Table via PHP

Mongodb Aggregate Query Using PHP Driver

Adding User Custom Field Value to Order Items Details

Check If Method Exists in the Same Class

Why Ob_Start() Must Come Ahead of Session_Start() to Work in PHP

PHP Remove/Fix Module Not Found or Already Loaded Warnings

Set Cart Item Price from a Hidden Input Field Custom Price in Woocommerce 3

Wherejsoncontains Laravel 5.6 Not Working

Firefox Error 'No Element Found'

Redirect to New Page W/ Post Data (Php/Zend)


Leave a reply



Submit