MySQL Injection
Posted: 15 April 2011 12:35 AM
Joined: 2011-04-14
15 posts

Hi guys,

Just gonna do quite a complex site with CI, but I want to know if I need to escape my user input before I pass it to Active Record, or does Active Record escape everything for me?

Cheers

-Robert

 
Posted: 15 April 2011 01:49 AM   [ # 1 ]   [ Rating: 0 ]
Joined: 2011-04-15
4 posts

MySQL Database is a great product used by thousands of websites. Various web applications use MySQL as their default database. Some of these applications are written with security in mind, and some are not. In this article, I would like to show you how you can exploit SQL injection in order to gain almost full control over your webserver.

Most people know that SQL injection allows attackers to retrieve database records, pass login screens and change database content through the creation of new administrative users. MySQL does not have a built-in command to execute shell commands, unlike Microsoft SQL Server. I will show you how to run arbitrary commands using standard features provided by MySQL.

First of all, I would like to give a brief description of SQL injection, then I would like to present you with a couple of less-known methods that exist in MySQL, which I will use to backdoor a webserver. I will use two built-in MySQL commands: one that writes arbitrary files and one that can be used to read arbitrary files. After that I will describe webshells and go on to the attack itself.


 
Posted: 15 April 2011 03:14 AM   [ # 2 ]   [ Rating: 0 ]
Avatar
Joined: 2009-06-19
6707 posts

@lisahill Fool!

@lenswipe

If you use the CodeIgniter Active Record it escapes all fields for you!

The only other thing you will need to do is xss_clean your input data:

// Global xss_clean - application/config/config.php
$config['global_xss_filtering'] = TRUE;

// Manual xss_clean (second argument TRUE runs the filter on this field only)
$this->input->post('some_data', TRUE);

InsiteFX

 Signature 

Certified State of CT Computer Programming Teacher.
Custom Designed Icons, eBook Covers Software Boxes. CD, DVD Etc. New iPhone® Tab Bar Icons and iPhone® Applications Icons.

Skype: insitfx

STOP! Before posting your questions, remember the WWW Golden rule:
What did you try? What did you get? What did you expect to get?

Input -> Controller | Processing -> Model | Output -> View

 
Posted: 15 April 2011 07:36 AM   [ # 3 ]   [ Rating: 0 ]
Avatar
Joined: 2008-05-09
314 posts

What @InsiteFX says.

Using CodeIgniter's Active Record class will automatically escape input:
http://ellislab.com/codeigniter/user-guide/database/active_record.html

Or, if you prefer writing the SQL manually, you can also use query bindings:
http://ellislab.com/codeigniter/user-guide/database/queries.html

 Signature 

Starfish Web Consulting Web Design & Development Belfast

Quicksnaps - CI Photo gallery app
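Putting the two answers above into one listing, as an added example for CodeIgniter 2.x (not code from this thread or from CodeIgniter itself; the `Account_model`, `Comments`, `users` and `comments` names are assumed): the Active Record call and the query-binding form both escape the value, string concatenation does not, a user-chosen column name needs a whitelist because escaping covers values only, and `xss_clean` is a separate step applied when the field is read.

```php
<?php
// Added example for CodeIgniter 2.x; class and table names are assumed.
class Account_model extends CI_Model {

    // UNSAFE ("before"): the value is spliced into the SQL string, so a
    // username containing a quote changes the query's structure.
    public function find_unsafe($username)
    {
        $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
        return $this->db->query($sql)->row();
    }

    // SAFE: Active Record escapes the value (the "it escapes all fields
    // for you" answer above).
    public function find_ar($username)
    {
        return $this->db->where('username', $username)->get('users')->row();
    }

    // SAFE: query bindings for hand-written SQL; each ? takes the escaped
    // value from the array, in order.
    public function find_bound($username)
    {
        $sql = 'SELECT id, username FROM users WHERE username = ?';
        return $this->db->query($sql, array($username))->row();
    }

    // Escaping covers values, not identifiers: whitelist a user-chosen
    // sort column before it reaches order_by().
    public function listing($sort)
    {
        $allowed = array('username', 'created_at');
        if ( ! in_array($sort, $allowed, TRUE))
        {
            $sort = 'username';
        }
        return $this->db->order_by($sort, 'asc')->get('users')->result();
    }
}

// Controller side: xss_clean is a separate step from SQL escaping. Pass
// TRUE as the second argument to filter just this field, instead of the
// global_xss_filtering switch the thread calls a CPU hog.
class Comments extends CI_Controller {
    public function add()
    {
        $body = $this->input->post('body', TRUE);
        $this->db->insert('comments', array('body' => $body));
    }
}
```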

 
Posted: 15 April 2011 07:44 AM   [ # 4 ]   [ Rating: 0 ]
Joined: 2011-04-14
15 posts

I think I'm using the active record class...

I'm doing $data['query'] = $this->db->get('tablename');

Is that active record?

 
Posted: 15 April 2011 07:45 AM   [ # 5 ]   [ Rating: 0 ]
Avatar
Joined: 2011-04-06
9 posts

@InsiteFX

Just to be clear, if:

$config['global_xss_filtering'] = TRUE;

does it also filter GET, COOKIE, etc.?

 
Posted: 15 April 2011 08:06 AM   [ # 6 ]   [ Rating: 0 ]
Avatar
Joined: 2008-05-09
314 posts

@lenswipe Yes, that is active record, and it will escape all your queries. That's not to say that you shouldn't filter all input. For example, if your site implements user comments you'll want to run them through xss_clean, as @InsiteFX points out.


 
Posted: 15 April 2011 08:18 AM   [ # 7 ]   [ Rating: 0 ]
Avatar
Joined: 2008-05-09
314 posts

@coderedmax The user manual states that it will clean POST and COOKIE data, but a look at the code shows that the GET array and $_SERVER['PHP_SELF'] are also sanitised:
https://bitbucket.org/ellislab/codeigniter-reactor/src/caf76403451b/system/core/Input.php#cl-435


 
Posted: 15 April 2011 09:18 AM   [ # 8 ]   [ Rating: 0 ]
Joined: 2011-04-14
15 posts

Thanks for the help, eoinmcg.

 
Posted: 15 April 2011 05:49 PM   [ # 9 ]   [ Rating: 0 ]
Avatar
Joined: 2009-06-19
6707 posts

@coderedmax

Global XSS filtering is also a CPU hog!

That's why most users do not use it!

InsiteFX


 
Posted: 20 June 2013 01:26 AM   [ # 10 ]   [ Rating: 0 ]
Avatar
Joined: 2013-06-19
26 posts

Hello guys,

I have an error like this:

Error Number: 1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-22' at line 4

SELECT * FROM (`user`) ORDER BY `no` ASC LIMIT -22

Filename: D:\xampp\htdocs\cibootstrap\system\database\DB_driver.php

Line Number: 330

This error appears when I add "" in the pagination.


This is my model:

<?php

class User_model extends CI_Model {

    function get_all($num, $offset)
    {
        $this->db->order_by('no', 'ASC');
        $data = $this->db->get('user', $num, $offset);
        return $data->result();
    }

    function save($data)
    {
        $this->db->insert('user', $data);
    }
}


And this is my controller:
[code]public function about($id = NULL)
{
    // pagination settings
    $jml = $this->db->get('user');

    $config['base_url']   = base_url() . 'index.php/bootstrap/about';
    $config['total_rows'] = $jml->num_rows();
    $config['per_page']   = '2';
    $config['first_page'] = 'Awal';
    $config['last_page']  = 'Akhir';
    $config['next_page']  = '&laquo;';
    $config['prev_page']  = '&raquo;';

    // initialise config
    $this->pagination->initialize($config);

    // build pagination
    $data['halaman'] = $this->pagination->create_links();

    // display data
    $data['query'] = $this->user_model->get_all($config['per_page'], $id);

    $this->load->view('include/header');
    $this->load->view('about', $data);
    $this->load->view('include/footer');
}[/code]

How do I fix it?

 Signature 

Johan Riyanto
Web Programmer
+62-878-3073-3264
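The syntax error above is a negative value reaching the LIMIT clause, because whatever arrives in `$id` is handed to `get()` as the offset unchecked. As an added example for CodeIgniter 2.x (not the fix given elsewhere in this thread, and not CodeIgniter's own code), here is a model that only accepts a non-negative integer page size and offset, with a controller that reads the offset from the URI segment the pagination links write to; the `Bootstrap` controller name and the page size of 2 are taken from the post, the `count_all()` call is assumed to fit the poster's schema.

```php
<?php
// Added example for CodeIgniter 2.x, not the fix given in this thread.
class User_model extends CI_Model {

    // Page size and offset come from the URL, so treat them as untrusted:
    // cast to int and clamp, so a negative or non-numeric segment can never
    // reach the LIMIT clause (the cause of the "near '-2...'" syntax error).
    public function get_all($num, $offset = 0)
    {
        $num    = (int) $num;
        $offset = (int) $offset;
        if ($num < 1)
        {
            $num = 10;      // default page size if the caller passes junk
        }
        if ($offset < 0)
        {
            $offset = 0;    // fall back to the first page
        }
        $this->db->order_by('no', 'ASC');
        return $this->db->get('user', $num, $offset)->result();
    }
}

class Bootstrap extends CI_Controller {
    public function about()
    {
        $per_page = 2;
        // Offset is segment 3 of index.php/bootstrap/about/<offset>;
        // segment() returns 0 when it is absent, never NULL or a string.
        $offset = $this->uri->segment(3, 0);

        $config['base_url']    = base_url() . 'index.php/bootstrap/about';
        $config['total_rows']  = $this->db->count_all('user');
        $config['per_page']    = $per_page;
        $config['uri_segment'] = 3;   // tell the library where the offset lives
        $this->pagination->initialize($config);

        $data['halaman'] = $this->pagination->create_links();
        $data['query']   = $this->user_model->get_all($per_page, $offset);
        $this->load->view('about', $data);
    }
}
```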

 
Posted: 22 June 2013 08:58 PM   [ # 11 ]   [ Rating: 0 ]
Avatar
Joined: 2012-01-26
109 posts

@johanriyan I answered that one in this thread.
In future, if you have a problem that's not related to the original post, then search for your problem and, if you don't find the answer, create a new post.

 Signature 

Founder and Owner of Scotland Digital

 
Posted: 23 June 2013 03:27 AM   [ # 12 ]   [ Rating: 0 ]
Avatar
Joined: 2013-02-12
233 posts

Active Record automatically escapes against injection.

 
Posted: 23 June 2013 09:35 PM   [ # 13 ]   [ Rating: 0 ]
Avatar
Joined: 2013-06-19
26 posts

Thank you guys,

I love CodeIgniter and I love you all.
