#1 Zubair1 (thread starter), 12-21-2005, 06:12 PM

Urgent help please (Experts)


Hello,
I need help on a security filter script / access logging.
A script that will filter all incoming $_POST and $_GET data. Check every variable for data manipulation, cross site scripting vulnerabilities, sql injection and all standard php vulnerabilities.
Script should output original $_POST and $_GET arrays with malicious characters/code removed or replaced by its equivalent. The script should not die() or exit(). If malicious code found, issue javascript alert and redirect to page where it came from, notify admin via email. Also, create an array for variables which shouldn't be processed by the script which can be passed to the script in terms of global variables.
This script will be included in files.
It has to contain routine for access logging. IP,DATE,TIME,REFERRER,URI_STRING,QUERY_STRING,GET, POST,
SESSION data. Storing --- DB. Design DB table for it.

Please help or make a sort of script and I can give the person
points about 100 $NP or maybe even 200 $NP

Would really appreciate any help


Regards,

#2 aznchong91, 12-21-2005, 06:44 PM

well, here's a simple script to screen the incoming $_POST and $_GET variables, I don't know what else you need:

PHP Code:
<?php
// Trim, HTML-encode and slash-escape every incoming GET and POST value.
// Assumes each value is a string (array parameters are not handled).
foreach ($_GET as $key => $value) {
    $_GET[$key] = addslashes(trim(htmlspecialchars($value)));
}
foreach ($_POST as $key => $value) {
    $_POST[$key] = addslashes(trim(htmlspecialchars($value)));
}
?>

#3 mholt, 12-21-2005, 08:27 PM

SQL Injection Prevention, basic:

mysql_real_escape_string($variable);

#4 nick, 12-21-2005, 09:24 PM

I think he's asking how to CHECK if someone is trying to "hack"

not prevent it
__________________
formerly ninedogger

#5 Zubair1 (thread starter), 12-21-2005, 09:39 PM

Originally Posted by ninedogger
> I think he's asking how to CHECK if someone is trying to "hack"
>
> not prevent it

No, I am not needing it to hack,
I need it to secure my script, it will be included in the files
I need a script to check for incoming data by GET & POST super globals
and check for every variable data manipulation, cross site scripting vulnerabilities, sql injections and all the other standard php vulnerabilities.

the script should output the variables removing all the malicious stuff from it
or replacing it with its equivalent.

Also, create an array for variables in the script which shouldn't be processed by the script which can be passed to the script in terms of global variables.

Would really appreciate it if someone can do this for me

Regards,

#6 aznchong91, 12-21-2005, 11:33 PM

well, to do the first part of what you wanted, just use the code I posted earlier. Somebody else that knows how can add the rest you need, because I don't.

#7 Zubair1 (thread starter), 12-22-2005, 05:49 AM

Originally Posted by aznchong91
> well, to do the first part of what you wanted, just use the code I posted earlier. Somebody else that knows how can add the rest you need, because I don't.

ok thanks aznchong91
I am donating some $np's to your account.....really appreciate the help

can anyone else complete this?

Regards,

#8 idreaminhex, 12-24-2005, 11:19 AM

The first object of good script design is to only handle what you expect. If your script creates / processes a form, then you know what to expect. The second object of good script design is to CAST name value pairs so they only contain what they should. People spend too much time on testing variables when they should auto CAST them so they don't need to worry about them during the rest of the script process!

So what I am saying...

If it's by POST then use POST, if it's by GET use GET, if a value is INT, cast as INT, if a value is a STR, NO HTML, then strip it so it only contains what you want it to. If it's a STR, HTML then encode it. If an element is missing then create it. Afterwards, unset() all the SUPER GLOBALS to maintain smart memory usage and continue with the script process!

You can create a simple 7 or 8 line function to do this, it will save you much time but more importantly it will make your scripts faster and much easier to manage!

John
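
An added example, not part of the post above or of any code posted in this thread: one way to write the expect-only-what-you-declared, cast-everything function that reply #8 describes. The function name read_input, the spec format and the field names are hypothetical, and integers are validated with filter_var rather than a bare cast so that a value like "12abc" falls back to the default.

```php
<?php
// Added example, not code from the thread; names and spec format are hypothetical.
// Copies only the fields named in $spec, typed as 'int', 'text' (tags stripped)
// or 'html' (entity-encoded). Missing or non-scalar input gets the default.
function read_input(array $source, array $spec): array
{
    $clean = [];
    foreach ($spec as $name => [$type, $default]) {
        $raw = $source[$name] ?? null;
        if (!is_scalar($raw)) {      // missing, or an array where a scalar was expected
            $clean[$name] = $default;
            continue;
        }
        $raw = trim((string) $raw);
        switch ($type) {
            case 'int':
                // filter_var rejects "12abc"; (int) would silently turn it into 12
                $n = filter_var($raw, FILTER_VALIDATE_INT);
                $clean[$name] = ($n === false) ? $default : $n;
                break;
            case 'html':
                $clean[$name] = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
                break;
            default:                 // 'text'
                $clean[$name] = strip_tags($raw);
        }
    }
    return $clean;                   // keys not in $spec are never copied
}

// Constructed sample request standing in for $_GET.
$sample = [
    'page'    => '3',
    'name'    => '<b>Bob</b>',
    'comment' => 'a < b & "c"',
    'id'      => ['1', '2'],         // array where a scalar is expected
    'debug'   => '1',                // not in the spec, so dropped
];
$spec = [
    'page'    => ['int',  1],
    'id'      => ['int',  0],
    'name'    => ['text', ''],
    'comment' => ['html', ''],
    'sort'    => ['text', 'date'],   // absent from the request, default used
];
var_export(read_input($sample, $spec));
```

This settles type and markup only; a value headed for a SQL query still needs escaping or parameter binding at the query itself, which is the point of reply #3.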