| From: Onion (50) | Posted: 5/20/04 08:35:36pm | Message Detail | #1 |
| I need to edit a whole bunch of files that used (int) to get rid of things like "1+OR+id=1" in $_GET variables. I thought that any string with anything other than numbers in it was converted to 1 (based on a few tests like "echo (int) 'hi'"; and echo (int) '1 OR 1';.) but that's not the case and potentially allows untold security exploits. ._. |
| From: csk8er59 (10) | Posted: 5/20/04 08:39:28pm | Message Detail | #2 |
| Pay some of ceej's hirelings to do it for you <_< --- I'm a good little dooby. www.tl.warpedbelief.com/ - <3 |
| From: SpamDroid Alpha (10) | Posted: 5/20/04 08:51:09pm | Message Detail | #3 |
| Ah, I was wondering what happened. --- SPAM |
| From: Ant P (60) | Posted: 5/20/04 08:54:05pm | Message Detail | #4 |
|
http://uk.php.net/intval k --- |
| From: Jay (40) | Posted: 5/20/04 08:56:08pm | Message Detail | #5 |
| *doesn't get it* |
| From: miikrr x (10) | Posted: 5/20/04 09:01:05pm | Message Detail | #6 |
| You wouldn't |
| From: Jay (40) | Posted: 5/20/04 09:08:19pm | Message Detail | #7 |
| wtf, you must have done something like this if ($_GET['thing'] > 10) $stuff = (string) $_GET['thing']; $stuff = (int) $stuff; ?> |
| From: Ant P (60) | Posted: 5/20/04 09:21:21pm | Message Detail | #8 |
if (isset($_GET['action'],$_GET['item']) && $_GET['action'] == 'buy' && result("SELECT COUNT(*) FROM `shop` WHERE `id` = '".((int)$_GET['item'])."'") == 1) {I can't read any of that crap. --- |
| From: Jay (40) | Posted: 5/20/04 09:28:45pm | Message Detail | #9 |
| ...That should work. If it can't find an integer value it'll change it to 0. In which case you can treat it like you would normally treat a zero. |
| From: Onion (50) | Posted: 5/20/04 09:33:46pm | Message Detail | #10 |
| http://68.162.32.8:8080/shop.php.html aholes ._. |
| From: Jay (40) | Posted: 5/20/04 09:46:20pm | Message Detail | #11 |
| *still doesn't see what you're whining about* |
| From: Onion (50) | Posted: 5/20/04 09:51:25pm | Message Detail | #12 |
| Neither do I. But somehow, I was able to buy a Stalker (id 4) with this string: http://script-tease.net/at0/shop.php?buy=6+OR+id=4 6 is a system note, by the way. |
| From: Jay (40) | Posted: 5/20/04 09:54:47pm | Message Detail | #13 |
| ...Yes, you were able to buy staker because you have enough rupees to do so |
| From: Jay (40) | Posted: 5/20/04 09:54:53pm | Message Detail | #14 |
| stalker* |
| From: EvilFlash2k11 (10) | Posted: 5/20/04 09:58:28pm | Message Detail | #15 |
| .... I had that issue with board ID's. Adding OR1=1 on the end of the board ID would return every topic in the DB. Harmless, but ghey. --- .....WTF |
| From: Xero (10) | Posted: 5/21/04 12:39:27am | Message Detail | #16 |
| intval, you whore. even I knew that <_>!)!~~!2````` |