Solved

MY SQL Code Injection through Site Admin Query

Posted on 2011-02-17
697 Views
Last Modified: 2012-05-11
What to do to stop code injection in a MySQL database? We have done all the things which are there on a Google search, but things keep coming up.

I need a foolproof solution to this.


Question by:citadelind
17 Comments
 

Author Comment

by:citadelind
ID: 34923297
I need Example with code.
 
LVL 11

Accepted Solution

by:
VanHackman earned 50 total points
ID: 34923530
There isn't a magic formula to go over this...

Using the PHP filter_var() function with the proper sanitize filters should be enough:

http://php.net/manual/en/function.filter-var.php
http://php.net/manual/en/filter.filters.sanitize.php

If you need an example with code, you could get it here:

http://net.tutsplus.com/tutorials/php/sanitize-and-validate-data-with-php-filters/

In that post, you will find all that you need to prevent this sort of security issue.

You just need to be able to use the knowledge properly.

Kind Regards,
Oxygen+ Team
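As an added example (not code from this thread or from the linked tutorial): the accepted answer points at filter_var(), but the FILTER_SANITIZE_* filters strip or encode HTML-significant characters and do nothing about SQL syntax, so the mechanism that actually stops injection is a parameterized query. The block below shows the same page lookup written both ways, run against an in-memory SQLite database through PDO so it works offline; the table, column names, rows and the hostile input are all constructed for the demonstration, and with MySQL only the DSN would change.

```php
<?php
// Added example, not from the thread. Same lookup written the vulnerable way
// and the parameterized way. Uses sqlite::memory: via PDO so it runs offline;
// for MySQL swap the DSN for "mysql:host=...;dbname=..." and nothing else
// changes. Table name, columns and rows are constructed sample data.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, slug TEXT, body TEXT)');
$pdo->exec("INSERT INTO pages (slug, body) VALUES ('home', 'Welcome'), ('about', 'About us')");

// VULNERABLE: the request value is pasted straight into the SQL text, so any
// quote character in it changes the structure of the statement. Passing the
// value through filter_var() with a FILTER_SANITIZE_* filter first does not
// fix this: those filters target HTML characters, not SQL syntax.
function loadPageUnsafe(PDO $pdo, string $slug): array {
    $sql = "SELECT id, slug, body FROM pages WHERE slug = '" . $slug . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// SAFE: the SQL text is fixed at prepare time; the value is sent as a bound
// parameter and is never parsed as part of the statement, whatever it contains.
function loadPageSafe(PDO $pdo, string $slug): array {
    $stmt = $pdo->prepare('SELECT id, slug, body FROM pages WHERE slug = :slug');
    $stmt->execute([':slug' => $slug]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed hostile input: a quote that closes the string literal early,
// followed by an always-true condition. The unsafe function returns every row
// in the table; the safe one treats the whole string as a slug that matches
// nothing and returns an empty result, while a legitimate slug still works.
$hostile = "' OR '1'='1";

printf("unsafe rows: %d\n", count(loadPageUnsafe($pdo, $hostile)));
printf("safe rows:   %d\n", count(loadPageSafe($pdo, $hostile)));
printf("safe legit:  %d\n", count(loadPageSafe($pdo, 'home')));
```

Run it with `php example.php` (requires the pdo_sqlite extension). The last question in the thread, about connecting as a read-only database user, is worth doing as well, since least privilege limits what a successful injection can change; it is a containment measure rather than a fix, though, because with a read-only account the unsafe query above still discloses every row.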
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 34924018
You have not given us any information to work with. What sort of software? What sort of server? Shared or dedicated? What is being injected? Your question is too vague, it's like saying "Doctor I'm ill, make me better".

"I need a foolproof solution to this"

You need more than a 50 point question in that case.
 

Author Comment

by:citadelind
ID: 34924696
Hi bportlock,

Windows server
MySQL Server 5
Dedicated Server

We have all firewalls on and are using Norton Antivirus. We also used the code samples which were given above, but we are still getting the site hacked.

Let me know if you need more info.

 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 34924921
When you say "MY SQL Code Injection through Site Admin Query" what do you mean? What "site admin" are you talking about?
 

Author Comment

by:citadelind
ID: 34926109
I am talking about CMS Site admin which is customized by our people.
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 34926150
"I am talking about CMS Site admin which is customized by our people. "

Yes - but *what* is it based on? Oscommerce? Joomla? Mambo? Word press? Zen Cart?
 
LVL 11

Expert Comment

by:VanHackman
ID: 34926157
And what do you mean by "we are still getting SQL injections"? How do you know that?...
 

Author Comment

by:citadelind
ID: 34926183
As I told you, it's a customized one, not open source.
 

Author Comment

by:citadelind
ID: 34926189
hi VanHackman,

All data has been erased and new data from the hackers has been injected; the site has had everything changed. That's how we know it.

As only data has been corrupted, it's SQL injection; our server is secure.
 
LVL 11

Expert Comment

by:VanHackman
ID: 34926301
@citadelind:

I should say that it will be better if you consider the possibility that the "hackers" have created some sort of back door to your system.

Because SQL injection 99.9% of the time doesn't allow attackers to erase or insert new data to the DB, it is used to GET data from the DB instead, and make a privilege escalation into your system.

So if they keep erasing your data, and adding their own and if you are 100% secure that you have implemented the filter_var function in all the code parts which get data from clients (Are you really sure?...)

I will bet that you have a different problem there than a SQL injection and that your server is not as "secure" as you have thought.

Be aware of this...

 

Author Comment

by:citadelind
ID: 34926349
On my local system, from where we upload things, or on the server, they created a back door?
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 34926373
@citadelind, you need to hire a professional developer to help you with this.  Information Technology Security is a full time, four year college major at the engineering school of the University of Maryland.  Any answer you get from EE is likely to represent a rather tiny fragment of the course of study - which covers 1,000 days of homework.  As Alexander Pope wrote, "A little learning is a dangerous thing."
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 34926682
"As I told you, it's a customized one, not open source."

Well, without source code there is not much we can do; we are not mind readers, after all...

You seem very convinced about the SQL injection, but have you considered XSS attacks? They are just as common, perhaps more so. Windows A/V products only detect about 80% of viruses and adware, so your server could be rootkitted and you'll never know.

The only safe option, in my opinion, is to repartition the drives, wipe everything clean and do a completely fresh reinstall. Do not restore data from backups unless you can filter it first; an infected backup is worse than pointless. Disable all PHP commands that allow execution of system commands and box everything in with open_basedir. If you were on Linux I would add setting user and group permissions.

Never assume that a severely infected machine is fixable. It is simply not worth the risk.
 
LVL 11

Expert Comment

by:VanHackman
ID: 34929270
If you want to figure out quickly whether your system has a security hole, and in which section it is, Acunetix can help you:

http://www.acunetix.com/

Even with the free version, you could get to know which of the most common vulnerabilities your site has, like XSS, SQL injection and other vulnerabilities of the same kind, like badly configured file permissions.

Try the free version and scan your site. Even though it's not as accurate as a security expert, it could help to see if the vulnerabilities are actually present in your site; if so, Acunetix will also tell you in which specific sections of the site they are, and at that point you could think about hiring a professional to fix them, if you believe that you can't handle them on your own.

Hope this helps.

All the Best!,
VanHackman
 

Author Comment

by:citadelind
ID: 34958462
If I use a user with read permission for the site connection, will the problem be solved?