php injection
By kusmadi
@kusmadi (128)
Indonesia
June 13, 2007 12:15am CST
Hello... .
can any body help me?
What is the php injection?
how to inject *.php site?
9 responses
@kusmadi (128)
• Indonesia
14 Jun 07
Yesterday, I have file *.avi from rumania about php injection, but I confused. I cann't speaking rumania so I need my friend (that is you or other) to help me.
php injection like sql injection. Generally sql injection used by *.asp and php injection used by *.php. With php injection, I can be an web admin (illegal of course) and I can use those site like my mine.
@kusmadi (128)
• Indonesia
14 Jun 07
Yesterday, I have file *.avi from rumania about php injection, but I confused. I cann't speaking rumania so I need my friend (that is you or other) to help me.
php injection like sql injection. Generally sql injection used by *.asp and php injection used by *.php. With php injection, I can be an web admin (illegal of course) and I can use those site like my mine.
@kusmadi (128)
• Indonesia
14 Jun 07
Yesterday, I have file *.avi from rumania about php injection, but I confused. I cann't speaking rumania so I need my friend (that is you or other) to help me.
php injection like sql injection. Generally sql injection used by *.asp and php injection used by *.php. With php injection, I can be an web admin (illegal of course) and I can use those site like my mine.
@semodders (456)
•
16 Jun 07
hay friend, iv added you to my conctact list but how come your not online, what messenger are you using for yahoo? are you using a new version? please let me know, or do i need to install a yahoo messenger as i have an yahoo id but i hant got yahoo messenger installed because i have very less memory in my pc, we can have a chat about haking sites or what ever about php injection.
@semodders (456)
•
15 Jun 07
ok i have added you to my hotmail list, i use hotmail windows live messenger that supports yahoo email adressess.
@semodders (456)
•
14 Jun 07
lol ok, i will look for that site and post it here, doo you have an email adress or sumin ??
@semodders (456)
•
14 Jun 07
oh so you basicly want to steel a site?? or wat? any way ill add you as a freind it looks like you know alot about php huh?
@semodders (456)
•
14 Jun 07
no not realy but i know alot about php so maybe i can help you with this injection thing if you tell me what deos it mean i have heard it and have visiteda site called php injection......
@semodders (456)
•
18 Jun 07
did you find about php injections?? i have try this it also has SQL inejction: www.phpfreaks.com/phpmanual/pages/security.database.sql-injection.html try it maybe help!! it was hard to copy all that as i cant copy and past :(. good luck buddy!
@semodders (456)
•
16 Jun 07
i have added you to my conact list, i am using a web based yahoo messenger please accept me to your list.
@corsario (27)
• Portugal
21 Jun 07
Basically PHP injection is when you insert PHP code in forms fields surrounded by ' or " so that and when you hit submit, that code "escapes the field" and it's interpreted as code to be executed.
Normally everytime you make a form text field you should do one of two things (or both):
1 - protect the field with javascript so that it does not accept ' or " and therefore the user cannot make those injections.
PROS: it is done in real time, no need to hit submit or page refresh to get the field protected
CONS: javascript can be disabled client side
2 - before working with the submitted text field, get it through a function that strips the text inside it from ' and " or any other character that you don't want.
PROS: difficult, if not impossible to get through this protection
CONS: a person without bad intentions that by mistake types " or ' to the field will only know of the mistake when they hit submit, so you ought to save the other fields so that the user does not have to fill all the form again.