Hi every one Is it possible to assign a value to $_POST except using <form> submitting and accessing to the source of page(this is not my page) ? I want to escape from mysql_real_escape_string() (or something like this) that php automatically implement when you submit a form(php5). is $_POST vulnerable ? * * login.php <form method=post action=welcome.php> <input type = text name = user> <input type = submit> * * welcome.php <? $user = $_POST['user']; ... .... ..... ?> * * thank you in advance
vulnerable? Sounds like you want to attack someone... but yet, you can use curl to send a post request
how about typing in browser address bar something like "javascript:document.form.field.name="value";" or something similar.
I fully agree with your above first statement see his other thread/answer http://forums.digitalpoint.com/showthread.php?t=556356 these are very much hacker questions no site owner / site user ever needs to ask even in his sweetest nightmares or dreams! I think it is a REALLY bad idea to give to such typical hacker questions any advice or help of any kind whatsoever! mehdiali your statement is impossible to belief specially since you have NO own website registered in your DP forum profile - it is even uncertain that you have a website at all and all your questions posted I saw today have to do with hacking ANOTHER website since to UPLOAD or communicate with OWN site - that howto is most simple and known to all and each of the legal site owners !!!
That PHP is most likely vulnerable but it all depends what you do with $user. If you have: $result = mysql_query("SELECT * FROM `users` WHERE `username` = '$user'"); PHP: then you would be vulnerable to SQL injection attacks because you didn't validate the $user variable for SQL before using it. If you have: echo("Hi, $user. Welcome back"); PHP: then you would be vulnerable to XSS attacks and CSRF attacks because you didn't validate $user for HTML before using it in HTML. I would add, just before I ran the SQL query: $mysqlsafe_user = mysql_real_escape_string($user); $result = mysql_query("SELECT * FROM `users` WHERE `username` = '$mysqlsafe_user'"); PHP: ...and just before I echoed the HTML: $htmlsafe_user = htmlentities($user); echo("Hi, $htmlsafe_user. Welcome back"); PHP: Discussions of security often look like discussions of hacking because we are usually talking about the same topic. This information is provided to help webmasters and php coders avoid having their websites hacked. The same information could be used by a hacker to learn how to control other people's websites. As long as the information is available to everyone then everyone has a fair chance. If we try to hide this information then no one will know how to secure their websites.