Warning: include(.../cache/template/template63867.php): failed to open stream: No such file or directory in /home/codingta/public_html/includes/vb5/template.php on line 328 Warning: include(): Failed opening '.../cache/template/template63867.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/codingta/public_html/includes/vb5/template.php on line 328 My site was attacked by injection - Coding-Talk

My site was attacked by injection

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • My site was attacked by injection

    Hello guys, my site was attacked and the hacker claims it was done by a simple injection in ip, we all know hackers don't reveal the true ways of executing their attacks, however, would just like to verify if my ip code seems vulnerable or not?

    function getip()

    {

    if($_SERVER["REMOTE_ADDR"])

    { $ip=$_SERVER["REMOTE_ADDR"];

    } else { $ip=$_SERVER["HTTP_X_FORWARDED_FOR"];}

    if(strpos($ip,",")){

    $exp_ip=explode(",",$ip);

    $ip=$exp_ip[0];

    }

    return $ip;

    }

  • #2
    Yes its vulnerable.
    HTTP_X_FORWARDED_FOR can be easily spoofed
    use mysql_escape_string() to make it safe.

    Comment


    • #3
      I think you should try to use prepared statements. I know its a lot easier to code using procedural way but there are lots of glitches when scaping vars there. We shouldI think you should try to use prepared statements. I know its a lot easier to code using procedural way but there are lots of glitches when scaping vars there. We should move on now. There are lots of frameworks to use or you can make one. Just a friendly reminder.

      Comment

      Working...
      X