My site was attacked by injection


    Hello guys, my site was attacked and the hacker claims it was done by a simple injection in the IP. We all know hackers don't reveal the true ways of executing their attacks; however, I would just like to verify whether my IP code seems vulnerable or not.

    function getip()
    {
        if($_SERVER["REMOTE_ADDR"]) {
            $ip=$_SERVER["REMOTE_ADDR"];
        } else {
            $ip=$_SERVER["HTTP_X_FORWARDED_FOR"];
        }
        if(strpos($ip,",")){
            $exp_ip=explode(",",$ip);
            $ip=$exp_ip[0];
        }
        return $ip;
    }

    #2
    Yes, it's vulnerable.
    HTTP_X_FORWARDED_FOR can be easily spoofed.
    Use mysql_escape_string() to make it safe.


      #3
      I think you should try to use prepared statements. I know it's a lot easier to code the procedural way, but there are lots of glitches when escaping vars there. We should move on now. There are lots of frameworks to use, or you can make one. Just a friendly reminder.

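Added example, not code from any poster in this thread: a hardened counterpart to getip() that reads X-Forwarded-For only when the connection comes from a known proxy, validates every address with filter_var(), and stores the result through a PDO prepared statement as suggested in #3. The TRUSTED_PROXIES list, the visits table, the in-memory SQLite database and the sample requests are assumptions made up for the illustration.

```php
<?php
// Added example, not code from the thread. TRUSTED_PROXIES and the visits
// table are assumptions; 10.0.0.5 stands in for a reverse proxy you operate.
const TRUSTED_PROXIES = ['10.0.0.5'];

function client_ip(array $server): ?string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    // X-Forwarded-For is a client-controlled header: read it only when the
    // TCP peer is one of our own proxies.
    if (!in_array($remote, TRUSTED_PROXIES, true) || !isset($server['HTTP_X_FORWARDED_FOR'])) {
        return $remote;
    }
    // Walk right to left: the rightmost hops were appended by our proxies,
    // anything further left may have been typed in by the client.
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return null; // malformed chain: reject instead of guessing
        }
        if (!in_array($hop, TRUSTED_PROXIES, true)) {
            return $hop;
        }
    }
    return $remote;
}

function log_visit(PDO $db, ?string $ip): void
{
    // The value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('INSERT INTO visits (ip) VALUES (:ip)');
    $stmt->execute([':ip' => $ip ?? 'invalid']);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE visits (ip TEXT NOT NULL)');

$requests = [ // constructed sample requests
    ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => "1.2.3.4' --"],
    ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7'],
    ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => "198.51.100.7' --, 10.0.0.5"],
];
foreach ($requests as $r) {
    log_visit($db, client_ip($r));
}
print_r($db->query('SELECT ip FROM visits')->fetchAll(PDO::FETCH_COLUMN));
```

Unlike getip() above, which takes the leftmost entry of the header, this walks the chain from the right, because the leftmost entry is the part a client can set freely.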