How do I secure PHP in the URL with the GET method?
For example:
media.php?hal=detail&id=1

Edited by bro_1

See the OWASP Top Ten, especially A1 - Injection. It is probably all a web developer needs to know about security. It is a lot of stuff to read and you do not have to digest it all at once. But make sure you bookmark it.

Hi guys, thanks for your informative post. I bookmarked this link. Actually I am a beginning learner of web development, so it's really useful to us. Thanks once again.

Edited by elitefilming

Welcome to PHP, and hopefully you will get plenty of joy in programming. If this question is answered, please mark the thread as solved.

This is a pretty simple ethical hacking example, for testing purposes only. This may or may not work; I am just bringing the points across.

For example, if you don't sanitize and validate this

media.php?hal=detail&id=1

and if I visited your site and wanted to see all of your media, I would put this in my browser

media.php?hal=detail&id=10000000

Hoping that you did not turn off your error reporting, I would probably get an error saying

media_id is not valid or not found.

Now I know one of the columns of your database. With this given info, thanks to your server, I can change the URL above to

media.php?hal=detail&id=''ORmedia_id REGEXP '^[0-9]'

If we use that in our query, it will spit out all of the media with media_id matching anything from 0 to 9.

Edited by veedeoo: more info added
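
An added example, not code from any poster in this thread: one way to handle `media.php?hal=detail&id=1` so that the three requests described in the post above all get a validated, parameterized lookup and the same generic answer on failure. The table layout, the function names `demo_db` and `handle_media`, and the in-memory SQLite database are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite table standing in for the real media table.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE media (media_id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO media (media_id, title) VALUES (1, 'first'), (2, 'second')");
    return $pdo;
}

// Returns [HTTP status, body]. $query plays the role of $_GET (hypothetical helper).
function handle_media(PDO $pdo, array $query): array
{
    // 1. Allowlist the page selector instead of trusting whatever arrives in "hal".
    $hal = $query['hal'] ?? '';
    if (!is_string($hal) || !in_array($hal, ['detail'], true)) {
        return [404, 'Not found'];
    }
    // 2. "id" must be a positive integer; quotes, OR, REGEXP and arrays all fail here.
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [404, 'Not found'];
    }
    // 3. Bind the value; it is never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT media_id, title FROM media WHERE media_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // 4. Same generic answer for "no such row" as for bad input: no column names leak.
    if ($row === false) {
        return [404, 'Not found'];
    }
    return [200, htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8')];
}

// The three id values from the thread, copied as posted.
$pdo = demo_db();
foreach ([
    ['hal' => 'detail', 'id' => '1'],
    ['hal' => 'detail', 'id' => '10000000'],
    ['hal' => 'detail', 'id' => "''ORmedia_id REGEXP '^[0-9]'"],
] as $q) {
    [$status, $body] = handle_media($pdo, $q);
    echo $status, ' ', $body, PHP_EOL;
}
```

In production, also set `display_errors` to off and log exceptions server-side, so that a database error never reaches the browser.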
