Well I'm screwed.

From: Onion (50) | Posted: 5/20/04 08:35:36pm | Message Detail | #1
I need to edit a whole bunch of files that used (int) to get rid of things like "1+OR+id=1" in $_GET variables. I thought that any string with anything other than numbers in it was converted to 1 (based on a few tests like "echo (int) 'hi';" and "echo (int) '1 OR 1';"), but that's not the case, and it potentially allows untold security exploits.

._.
From: csk8er59 (10) | Posted: 5/20/04 08:39:28pm | Message Detail | #2
Pay some of ceej's hirelings to do it for you <_<
---
I'm a good little dooby.
www.tl.warpedbelief.com/ - <3
From: SpamDroid Alpha (10) | Posted: 5/20/04 08:51:09pm | Message Detail | #3
Ah, I was wondering what happened.
---
SPAM
From: Ant P (60) | Posted: 5/20/04 08:54:05pm | Message Detail | #4
http://uk.php.net/intval
k
---
PropagandaMNG
Fascists
From: Jay (40) | Posted: 5/20/04 08:56:08pm | Message Detail | #5
*doesn't get it*
From: miikrr x (10) | Posted: 5/20/04 09:01:05pm | Message Detail | #6
You wouldn't
From: Jay (40) | Posted: 5/20/04 09:08:19pm | Message Detail | #7
wtf, you must have done something like this

<?php
if ($_GET['thing'] > 10) $stuff = (string) $_GET['thing'];
$stuff = (int) $stuff;
?>
From: Ant P (60) | Posted: 5/20/04 09:21:21pm | Message Detail | #8
if (isset($_GET['action'],$_GET['item']) && $_GET['action'] == 'buy' && result("SELECT COUNT(*) FROM `shop` WHERE `id` = '".((int)$_GET['item'])."'") == 1) {
$item = mysql_fetch_row(mysql_query("SELECT `type`, `stock`, `price`, `purchases`, `id` FROM `shop` WHERE `id` = '".((int)$_GET['item'])."'"));

I can't read any of that crap.
---
PropagandaMNG
Fascists
From: Jay (40) | Posted: 5/20/04 09:28:45pm | Message Detail | #9
...That should work. If it can't find an integer value it'll change it to 0. In which case you can treat it like you would normally treat a zero.
From: Onion (50) | Posted: 5/20/04 09:33:46pm | Message Detail | #10
http://68.162.32.8:8080/shop.php.html

aholes ._.
From: Jay (40) | Posted: 5/20/04 09:46:20pm | Message Detail | #11
*still doesn't see what you're whining about*
From: Onion (50) | Posted: 5/20/04 09:51:25pm | Message Detail | #12
Neither do I. But somehow, I was able to buy a Stalker (id 4) with this string:

http://script-tease.net/at0/shop.php?buy=6+OR+id=4

6 is a system note, by the way.
From: Jay (40) | Posted: 5/20/04 09:54:47pm | Message Detail | #13
...Yes, you were able to buy staker because you have enough rupees to do so
From: Jay (40) | Posted: 5/20/04 09:54:53pm | Message Detail | #14
stalker*
From: EvilFlash2k11 (10) | Posted: 5/20/04 09:58:28pm | Message Detail | #15
....

I had that issue with board IDs. Adding OR1=1 on the end of the board ID would return every topic in the DB. Harmless, but ghey.
---
.....WTF
From: Xero (10) | Posted: 5/21/04 12:39:27am | Message Detail | #16
intval, you whore. even I knew that <_>!)!~~!2`````
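
The cast behaviour argued about in this thread, as an added example that is not part of any post: it runs the thread's own strings through `(int)` and through a whole-string integer check, then looks the id up with a bound parameter. `strict_id()` and `find_item()` are hypothetical helpers, the in-memory `shop` table is a constructed stand-in, and the PDO SQLite driver is assumed to be available.

```php
<?php
// Added example: constructed inputs; strict_id() and find_item() are hypothetical helpers.

// Returns a positive integer id, or null if the raw value is not purely an integer.
function strict_id($raw): ?int
{
    if (!is_string($raw)) {          // arrays (?item[]=1) and missing keys are rejected
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Looks up one row with a bound parameter, so the value never becomes SQL text.
function find_item(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, type FROM shop WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed stand-in for the shop table (ids taken from the thread).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE shop (id INTEGER PRIMARY KEY, type TEXT)');
$db->exec("INSERT INTO shop (id, type) VALUES (4, 'Stalker'), (6, 'system note')");

// '+' in a query string decodes to a space, so buy=6+OR+id=4 arrives as '6 OR id=4'.
$samples = ['6', '6 OR id=4', '1 OR 1', 'hi', '', '4abc'];

foreach ($samples as $raw) {
    $cast   = (int) $raw;            // keeps the leading digits, else 0; never fails
    $strict = strict_id($raw);       // null unless the whole string is an integer >= 1
    $row    = $strict === null ? null : find_item($db, $strict);
    printf(
        "%-12s (int) => %d   strict => %-8s row => %s\n",
        var_export($raw, true),
        $cast,
        $strict === null ? 'rejected' : (string) $strict,
        $row === null ? '-' : $row['type']
    );
}
```

The cast turns `'6 OR id=4'` into 6 and `'hi'` into 0 without signalling anything, so a request carrying trailing text is processed as if it were clean; the strict check rejects it before any query runs.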