From: Onion (50) | Posted: 5/20/04 08:35:36pm | #1
I need to edit a whole bunch of files that used (int) to get rid of things like "1+OR+id=1" in $_GET variables. I thought that any string with anything other than numbers in it was converted to 1 (based on a few tests like echo (int) 'hi'; and echo (int) '1 OR 1';), but that's not the case and potentially allows untold security exploits. ._.
From: csk8er59 (10) | Posted: 5/20/04 08:39:28pm | #2
Pay some of ceej's hirelings to do it for you <_< --- I'm a good little dooby. www.tl.warpedbelief.com/ - <3 |
From: SpamDroid Alpha (10) | Posted: 5/20/04 08:51:09pm | #3
Ah, I was wondering what happened. --- SPAM |
From: Ant P (60) | Posted: 5/20/04 08:54:05pm | #4
http://uk.php.net/intval k --- |
From: Jay (40) | Posted: 5/20/04 08:56:08pm | #5
*doesn't get it* |
From: miikrr x (10) | Posted: 5/20/04 09:01:05pm | #6
You wouldn't |
From: Jay (40) | Posted: 5/20/04 09:08:19pm | #7
wtf, you must have done something like this:

<?php
if ($_GET['thing'] > 10)
    $stuff = (string) $_GET['thing'];
$stuff = (int) $stuff;
?>
From: Ant P (60) | Posted: 5/20/04 09:21:21pm | #8
if (isset($_GET['action'], $_GET['item'])
    && $_GET['action'] == 'buy'
    && result("SELECT COUNT(*) FROM `shop` WHERE `id` = '" . ((int) $_GET['item']) . "'") == 1) {

I can't read any of that crap. ---
From: Jay (40) | Posted: 5/20/04 09:28:45pm | #9
...That should work. If it can't find an integer value it'll change it to 0, in which case you can treat it like you would normally treat a zero.
From: Onion (50) | Posted: 5/20/04 09:33:46pm | #10
http://68.162.32.8:8080/shop.php.html aholes ._. |
From: Jay (40) | Posted: 5/20/04 09:46:20pm | #11
*still doesn't see what you're whining about* |
From: Onion (50) | Posted: 5/20/04 09:51:25pm | #12
Neither do I. But somehow, I was able to buy a Stalker (id 4) with this string: http://script-tease.net/at0/shop.php?buy=6+OR+id=4 (6 is a system note, by the way.)
From: Jay (40) | Posted: 5/20/04 09:54:47pm | #13
...Yes, you were able to buy staker because you have enough rupees to do so |
From: Jay (40) | Posted: 5/20/04 09:54:53pm | #14
stalker* |
From: EvilFlash2k11 (10) | Posted: 5/20/04 09:58:28pm | #15
.... I had that issue with board IDs. Adding OR 1=1 on the end of the board ID would return every topic in the DB. Harmless, but ghey. --- .....WTF
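What the (int) cast actually does to the strings in this thread, as an added example that is not code from the thread or from the shop script. It checks the cast results for Onion's "6 OR id=4", Jay's "it becomes 0" claim and EvilFlash's "OR 1=1" board-ID case, then prints the SQL a raw splice produces next to the SQL the cast produces. The `shop` table and the `buy` parameter are the thread's; the helper names and the list of inputs are constructed here, and Ant P's result() helper is not used so the statements can be printed and read.

```php
<?php
// Added example (not code from the thread or from the shop script):
// what PHP's (int) cast does to the strings discussed above, and how
// that changes the SQL that gets built. The `shop` table name and the
// `buy` parameter come from the thread; the helper names are assumptions.

// Cases from the thread plus a few edge cases. Each row is
// [input string, value the cast is expected to produce]; the loop
// below flags any row where the running PHP disagrees.
function cast_cases(): array
{
    return [
        ['hi',        0],      // no leading digits: 0, not 1
        ['1 OR 1',    1],      // leading "1" kept, the rest dropped
        ['6 OR id=4', 6],      // Onion's ?buy=6+OR+id=4
        ['4 OR 1=1',  4],      // EvilFlash's board-ID trick, same result
        ['  42',      42],     // leading whitespace skipped
        ['42abc',     42],     // trailing junk dropped
        ['-7',        -7],     // sign honoured
        ['0x1A',      0],      // hex prefix not parsed: stops at "x"
        // exponent handling changed in PHP 7.1: "1e3" became 1000, older PHP gave 1
        ['1e3',       PHP_VERSION_ID >= 70100 ? 1000 : 1],
    ];
}

// Vulnerable: the raw value is spliced into the statement, so the
// "OR id=4" part becomes part of the WHERE clause.
function buy_query_raw(string $buy): string
{
    return "SELECT * FROM `shop` WHERE `id` = " . $buy;
}

// Hardened: cast first. Whatever the string was, the SQL now ends in
// one integer literal, so there is nothing left to inject.
function buy_query_cast(string $buy): string
{
    return "SELECT * FROM `shop` WHERE `id` = " . (int) $buy;
}

foreach (cast_cases() as [$raw, $expected]) {
    $got = (int) $raw;
    printf("%-14s (int) -> %-5d intval() -> %-5d %s\n",
        var_export($raw, true), $got, intval($raw),
        $got === $expected ? 'ok' : 'MISMATCH');
}

echo "\n";
$buy = '6 OR id=4';   // constructed attacker input, same shape as the URL above
echo buy_query_raw($buy), "\n";
echo buy_query_cast($buy), "\n";
```

The cast only helps where the parameter is supposed to be an integer; a string parameter (a name, a search term) gets no protection from it, and the general fix there is a prepared statement with bound parameters rather than string building. Ant P's version wraps the cast integer in quotes as well, which is harmless for an integer column but not needed once the value is already an int.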
From: Xero (10) | Posted: 5/21/04 12:39:27am | #16
intval, you whore. Even I knew that <_>!)!~~!2`````