PHP - Moved: Hacking Own Website ?

Hi all,

I have a security problem with my website who is a social network (like facebook).
Let's me Explain :

You can execute this page on my website.
www.SocialNetWork.com/ChangeStatus.php?param=Hello
So your status become "Hello".

On your profile, you can create a link to a picture on the web, for example : <img src='http://www.hacking.com/pic.jpg'>

The problem is that a "hacker" create several russian girl profile and made links to pic.jpg on his server, and this .jpg file rewrite URL to : www.SocialNetWork.com/ChangeStatus.php?param=Suck.
So when you visite his profil, the php code is launched, and the status OF THE VISITOR is changed !

I have no idea of how to stop this ?
If i check the variable : $_SERVER['HTTP_REFERER']
The value is empty or www.SocialNetWork.com, but never www.hacking.com ...

How can i stop the fact that a foreign picture could launch a php page on my website ?

thanks for help !
ps: sorry for my english

For obvious reasons, I wouldn't want any links to these sites or resources in this thread. I'd like some advice on where to find *modern* hacking techniques used against php and mysql.

I'd prefer some info on PM so that not everybody is exposed to such sites - even suggested queries for google because I'm having a hard time finding reliable information.

Also, does anybody have any advice on security books for say network (apache), php, mysql?

I doubt I'll get a pm so if I do, I'll donate $20 to charity today! lol

and doing sql injections

i have enabled mysql logging and i can find where they did the query, but it only shows the query, it doesn't show what location or what url or how they did it so how can i fix it?

thanks  also lighttpd logs doesn't show...
this sucks

Hi,

when i submit the form using the following text...

-1 OR 1=1) AND 1=(SELECT IF((IFNULL(ASCII(SUBSTRING((SELECT @@VERSION),1,1)),0)>25),1,2))

that was sent by the hacker in my website

i am trying to escape the above and filter it ...


am using the mysql_Real_escape_string and trim function..

but nothing escaped...

can u give me a suggestion , pls help me

Code: [Select]
if ($indovina!=$indovinata) {
 if ($tentativi>=6) {
  echo ("\n<p>Sorry, you hanged yourself. The word you had to guess was: ".$indovina."</p>\n");
 }
 else {
  $scelt = preg_split('//', $scelte, -1, PREG_SPLIT_NO_EMPTY);
  echo ("\n<p>\n");
  foreach ($alfabeto as $lettalf) {
   $contrl = false;
   foreach ($scelt as $lett) {
    if (!strcasecmp ($lettalf, $lett)) {
     $contrl = true;
    }
   }
   if ($contrl) {
    print (' <img src="images/lr_'.$lettalf.'.gif" style="border:0;width:20px;height:20px" alt="'.$lettalf.'" />');
   }
   else {
    print (' <a href="'.$_SERVER['PHP_SELF'].'?letter='.$lettalf.'"><img src="images/lb_'.$lettalf.'.gif" style="border:0;width:20px;height:20px" alt="'.$lettalf.'" /></a>');
   }
   if ($lettalf=='m') echo ("\n <br />");
   echo ("\n");
  }
  echo ("</p>\n");
 }
}
else if ($indovinata){
 echo ("\n<p>Congratulations! You guessed the word.</p>\n");
 $DB->query("UPDATE ibf_members set gold=gold+5
WHERE id = {$ibforums->member['id']}");
}

Look at the bottom, ok so if the person wins the hangman game, it will show "Congrats" but then people will just beable to refresh the page, and that query will run again and again and that person will gain +5 gold each time....we need to fix this!! any help?