 

How to fix Server Status Code: 302 Found by SQL Inject Me Firefox Addon

I scanned my login script using the SQL Inject Me Firefox addon.

According to the test results, my script was vulnerable to SQL injection. Example results:

    Results:
    Server Status Code: 302 Found
    Tested value: &#49&#39&#32&#79&#82&#32&#39&#49&#39&#61&#39&#49
    Server Status Code: 302 Found
    Tested value: 1' OR '1'='1
    Server Status Code: 302 Found
    Tested value: 1 UNI/**/ON SELECT ALL FROM WHERE
    Server Status Code: 302 Found
    Tested value: %31%27%20%4F%52%20%27%31%27%3D%27%31

My script

  1. login.php - Login form
  2. check-login.php - To check login detail and here is the code.

    $email = clean($_POST['username']);
    $pass = clean($_POST['password']);
    $user = "select * from tbl_admin where admin='$email' and pass='$pass'";

    // some code

        $_SESSION['login_mes'] = "You have successfully logged in !";
        header("Location:admin.php");
        exit();

    } else {

        $_SESSION['login_mes'] = "Invalid email address or password, please try again.";
        header("Location:login.php");
        exit();
    }

The problems came when login failed. If I remove the

    } else {

        $_SESSION['login_mes'] = "Invalid email address or password, please try again.";
        header("Location:login.php");
        exit();
    }

No failures are detected by SQL Inject Me. How do I fix this part?

wow asked Aug 16 '09 04:08


1 Answer

302 is the server's way of saying "I want you to go to [somewhere else]" (in this case login.php). It is not an error but a perfectly normal response. Especially in your case it makes much more sense (if you ask me) to send the user to a login page after a SQL injection attempt than to let him in.

Fredrik answered Sep 22 '22 20:09
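The login check with a parameterized query, run against the four tested values from the scan report, to show that a 302 by itself says nothing and the `Location` target is what to inspect. This is an added example, not part of the original question or answer; it assumes PDO with an in-memory SQLite table, a `pass` column holding a `password_hash()` value, and a hypothetical helper `login_target()`.

```php
<?php
// Added example, not the asker's code. Assumptions: PDO with an in-memory
// SQLite database stands in for the real one, and tbl_admin.pass holds a
// password_hash() value rather than the raw password.
declare(strict_types=1);

// Returns the redirect target that check-login.php would send with its
// 302 response: admin.php on success, login.php on any failure.
function login_target(PDO $pdo, string $email, string $pass): string
{
    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT pass FROM tbl_admin WHERE admin = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();   // false when no row matches

    if (is_string($hash) && password_verify($pass, $hash)) {
        return 'admin.php';
    }
    return 'login.php';
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_admin (admin TEXT PRIMARY KEY, pass TEXT)');
$pdo->prepare('INSERT INTO tbl_admin VALUES (?, ?)')
    ->execute(['admin@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);

// The four values from the scan report above, sent as both fields.
$tested = [
    '&#49&#39&#32&#79&#82&#32&#39&#49&#39&#61&#39&#49',
    "1' OR '1'='1",
    '1 UNI/**/ON SELECT ALL FROM WHERE',
    '%31%27%20%4F%52%20%27%31%27%3D%27%31',
];
foreach ($tested as $value) {
    // Each response is a 302 either way; the target is what differs.
    printf("%-50s -> 302 Location: %s\n", $value, login_target($pdo, $value, $value));
}
printf("%-50s -> 302 Location: %s\n", 'valid credentials',
    login_target($pdo, 'admin@example.com', 'correct horse'));
```

In the real script the returned target would be passed to `header("Location:...")` after setting `$_SESSION['login_mes']`, as in the question.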