Blind SQL injection

When I use Acunetix on my page I get: Blind SQL / XPath injection

Header: GET /file.php?id=2'+and+31337-31337=0+--+&page=2

Response:

no files found

(sometimes this request shows results)

Here is my PHP code:

$id = (int) htmlentities($_GET['id']);
$fileid = mysql_real_escape_string($id);

Query:

SELECT * FROM `files` WHERE `id` = '".$fileid."'

What am I doing wrong? Can someone delete my database with this? I'm also receiving the same message on some requests almost identical to this one, but which also have a LIMIT 0,1.

I use a paginator (I fixed some injections in that script), but in the example above I did not use it.

+3
2 answers

Casting id to int should already prevent any chance of SQL injection attacks (as far as I know).

$id = (int) $_GET["id"];
$Query = "SELECT * FROM files WHERE id = $id;";

For file.php?id=abcabc you get $id = 0, i.e. whatever is passed as id, $id is always an integer (safe for the SQL).

+2
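Added example (not from the question or either answer): it shows what the (int) cast in the answer does to the exact payload Acunetix sent, then a stricter variant that rejects non-numeric ids instead of silently querying id = 0 and binds the value through a prepared statement. The names $pdo, parseFileId and findFile are assumed for illustration.

```php
<?php
// Added example, not code from the original question or answers.
// Assumes a PDO connection $pdo and a table `files` with an integer `id` column.

// The scanner's query-string value from the question, URL-decoded.
$payload = "2' and 31337-31337=0 -- ";

// (int) keeps only the leading digits of the string, so the whole
// "' and 31337-31337=0 -- " tail is discarded before the value reaches
// the query. The cast alone already stops the injection; the scanner
// flags the page because it answers differently for different ids.
$id = (int) $payload;

// Stricter variant: accept only a whole positive integer. With a plain
// (int) cast, file.php?id=abcabc would run the query with id = 0, which
// is why some of the scanner's probes produce "no files found".
function parseFileId(string $raw): ?int {
    $v = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

// Hypothetical handler: strict parsing, then a prepared statement, so the
// id is bound as a parameter and never concatenated into the SQL text.
function findFile(PDO $pdo, string $raw): ?array {
    $id = parseFileId($raw);
    if ($id === null) {
        http_response_code(400);   // invalid id: no query is executed at all
        return null;
    }
    $stmt = $pdo->prepare('SELECT * FROM `files` WHERE `id` = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}
```

With the strict parser both the scanner's payload and "abcabc" are rejected before any query runs, while a plain "2" is looked up as before.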


Source: https://habr.com/ru/post/1726564/
