Thread: SQL INJECTION
View Single Post
  #1  
Old 18th April 2019, 13:34
BamBam0077 BamBam0077 is offline
Banned
 
Join Date: Jul 2013
P2P
Posts: 410
Default SQL INJECTION
Code:
$subject="Failed login";
	  $msg = "Security alert\n Account: ID=".$row['id']." Somebody (probably you, ".$username." !) tried to login but failed!". "\nTheir Ip Address  was : ". $ip . "\n If this wasn't you please report this event to a {$TBDEV['site_name']} staff member\n - Thank you.\n";
	  $sql = "INSERT INTO messages (sender, receiver, msg, subject, added) VALUES('System', '$to', ". sqlesc($msg).", ". sqlesc($subject).", $added);";
	  $res = sql_query($sql) or sqlerr(__FILE__, __LINE__);
	  stderr("Login failed !", "<b>Error</b>: Username or password entry incorrect <br />Have you forgotten your password? <a href='{$TBDEV['baseurl']}/resetpw.php'><b>Recover</b></a> your password !");
	  bark();
Code:
    if ($fail[0] == 0)
    sql_query("INSERT INTO failedlogins (ip, added, attempts) VALUES ($ip, $added, 1)") or sqlerr(__FILE__, __LINE__);
    else
    sql_query("UPDATE failedlogins SET attempts = attempts + 1 where ip=$ip") or sqlerr(__FILE__, __LINE__);
Code:
    // check if email addy is already in use
    $a = (@mysql_fetch_row(@sql_query("select count(*) from users where email='$email'"))) or die(mysql_error());
    if ($a[0] != 0)
    stderr($lang['takesignup_user_error'], $lang['takesignup_email_used']);
Code:
$res = @mysql_query("SELECT passhash, editsecret, status FROM users WHERE id = $id");
    $row = @mysql_fetch_assoc($res);
    if (!$row)
      stderr("{$lang['confirm_user_error']}", "{$lang['confirm_invalid_id']}");
    if ($row['status'] != 'pending') 
    {
      header("Refresh: 0; url={$TBDEV['baseurl']}/ok.php?type=confirmed");
      exit();
    }
Code:
@mysql_query("UPDATE users SET status='confirmed', editsecret='' WHERE id=$id AND status='pending'");
Code:
 $pmcount = mysql_fetch_row(mysql_query("SELECT COUNT(*) FROM messages WHERE receiver=".$CURUSER['id']." AND location >= '1' || sender=".$CURUSER['id']." AND saved = 'yes' ")) or sqlerr(__FILE__,__LINE__);
Code:
        if ($pm_id)
        {
          // Move a single message
          @sql_query("UPDATE messages SET location=" . sqlesc($pm_box) . " WHERE id=" . sqlesc($pm_id) . " AND receiver=" . $CURUSER['id'] . " LIMIT 1");
        }

Last edited by BamBam0077; 18th April 2019 at 14:34.
Reply With Quote