From 6c7374c870ed42818e5a14ed5be32bf83735c737 Mon Sep 17 00:00:00 2001 From: dbursem Date: Fri, 6 Feb 2015 01:01:05 +0100 Subject: [PATCH 1/5] Fixed SQL injection vulnerabilities by using PDO statements. Not tested as I do not have a database schema and am too lazy to reverse engineer it. --- .gitignore | 2 ++ index.php | 95 +++++++++++++++++++++++++++--------------------------- sql.php | 30 ++++++----------- 3 files changed, 59 insertions(+), 68 deletions(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..43777a1 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +.idea +config.php \ No newline at end of file diff --git a/index.php b/index.php index 1bb21b4..00646f8 100644 --- a/index.php +++ b/index.php @@ -1,61 +1,64 @@ 0"; +if (isset($_GET['rec'])) +{ + $recc="'&r=".$_GET['rec']."'"; + $q .=" AND rec=?"; + $params[] = $_GET['rec']; +} +else +{ + $recc = "\"\""; +} - -$req="select * from live where tim > 0"; -$req.=$reqc; +if (isset($_GET['pw'])) +{ + $parc="'&p=".$_GET['pw']."'"; +} +else +{ + $parc = "\"\""; +} $latmax=$latmin=$lonmax=$lonmin=0; -if (!$result=@mysql_query ($req)) - { - echo "

Request error $req


"; - @mysql_close($link); - exit(); - } +$stmt = $dbh->prepare($q); +$stmt->execute($params); - -if (@mysql_num_rows($result)==0) - { - $latmax=60; - $latmin=35; - $lonmax=30; - $lonmin=-10; - $lon=2; - $lat=45; - - - } +if ($stmt->columnCount() == 0) +{ + $latmax=60; + $latmin=35; + $lonmax=30; + $lonmin=-10; + $lon=2; + $lat=45; +} else - { - - $aa=0; - - while($ligne = @mysql_fetch_array($result)) +{ + $aa=0; + while($ligne = $stmt->fetch(PDO::FETCH_ASSOC)) { - extract($ligne); - if ($aa==0) - { - $latmax=$latmin=$lat; - $lonmax=$lonmin=$lon; - $aa=1; - } - else - { - if ($lat>$latmax) $latmax=$lat; - if ($lat<$latmin) $latmin=$lat; - if ($lon>$lonmax) $lonmax=$lon; - if ($lon<$lonmin) $lonmin=$lon; - } + extract($ligne); + if ($aa==0) + { + $latmax=$latmin=$lat; + $lonmax=$lonmin=$lon; + $aa=1; + } + else + { + if ($lat>$latmax) $latmax=$lat; + if ($lat<$latmin) $latmin=$lat; + if ($lon>$lonmax) $lonmax=$lon; + if ($lon<$lonmin) $lonmin=$lon; + } } - } +} echo " @@ -123,5 +126,3 @@ catch(e) { "; -@mysql_close($link); -?> diff --git a/sql.php b/sql.php index 77b4bcf..62f59c4 100644 --- a/sql.php +++ b/sql.php @@ -1,23 +1,11 @@
Connection not possible


"; - @mysql_close($link); - exit(); - } +include 'config.php'; - if (!(@mysql_select_db ("****databasename****",$link))) - { - echo "

Database access not possible


"; - @mysql_close($link); - exit(); - } - // *************************************************************************** - - } -?> +try +{ + $dbh = new PDO($cfg['db_type'].':host='.$cfg['db_host'].';dbname='.$cfg['db_name'], $cfg['db_user'], $cfg['db_pass']); + $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); +} +catch (PDOException $e) { + echo 'Connection failed: ' . $e->getMessage(); +} From ab87c92f77dbf1265ad3aa956f75fa2dd3adcd24 Mon Sep 17 00:00:00 2001 From: dbursem Date: Fri, 6 Feb 2015 01:03:52 +0100 Subject: [PATCH 2/5] added empty config file --- .gitignore | 1 - config.php | 9 +++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 config.php diff --git a/.gitignore b/.gitignore index 43777a1..485dee6 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1 @@ .idea -config.php \ No newline at end of file diff --git a/config.php b/config.php new file mode 100644 index 0000000..87e7a44 --- /dev/null +++ b/config.php @@ -0,0 +1,9 @@ + 'mysql', + "db_host" => 'localhost', + "db_user" => '', + "db_pass" => '', + "db_name" => '', +]; \ No newline at end of file From a7a2f2563917d2afb84de6a3e790ba4ecbf298c3 Mon Sep 17 00:00:00 2001 From: dbursem Date: Fri, 6 Feb 2015 01:05:17 +0100 Subject: [PATCH 3/5] corrected gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 485dee6..43777a1 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ .idea +config.php \ No newline at end of file From 43e40c59035d373765bae6fccb456e0acd07c3f1 Mon Sep 17 00:00:00 2001 From: dbursem Date: Fri, 6 Feb 2015 01:12:05 +0100 Subject: [PATCH 4/5] spotted little mistake --- index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.php b/index.php index 00646f8..01fbb0a 100644 --- a/index.php +++ b/index.php 
@@ -29,7 +29,7 @@ $latmax=$latmin=$lonmax=$lonmin=0; $stmt = $dbh->prepare($q); $stmt->execute($params); -if ($stmt->columnCount() == 0) +if ($stmt->rowCount() == 0) { $latmax=60; $latmin=35; From b1dd4b17487d232836a29c5a712afc212df442b7 Mon Sep 17 00:00:00 2001 From: dbursem Date: Fri, 6 Feb 2015 13:54:02 +0100 Subject: [PATCH 5/5] put back old mysql_connect() function for legacy support --- sql.php | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/sql.php b/sql.php index 62f59c4..ac80ba1 100644 --- a/sql.php +++ b/sql.php @@ -9,3 +9,21 @@ try catch (PDOException $e) { echo 'Connection failed: ' . $e->getMessage(); } + +//legacy mysql_connect for non-released code: + +$link; +if (!($link = @mysql_connect($cfg['db_host'], $cfg['db_user'], $cfg['db_pass'] ))) // +{ + echo "
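Review bot: `$stmt->rowCount()` in the new line `+if ($stmt->rowCount() == 0)` is not a reliable emptiness test for a SELECT: PDO documents the value as driver-dependent for result sets, and `config.php` lets `db_type` be something other than MySQL. Fetching the rows first makes the check portable: `$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);` followed by `if ($rows === [])`, with the `while ($ligne = $stmt->fetch(...))` loop below the hunk becoming `foreach ($rows as $ligne)`. The `if`/`else` this condition heads continues past the hunk.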

Connection not possible


"; + @mysql_close($link); + exit(); +} + +if (!(@mysql_select_db ($cfg['db_name'],$link))) +{ + echo "

Database access not possible


"; + @mysql_close($link); + exit(); +} +// ***************************************************************************