[Mysql] SQL Injection
#1

Hi,

I did a cmd to permit to a user to change his own password IG. And I wanted to know if it's possible for someone to do a SQL Injection into my server. This is my cmd:

Код:
CMD:changermdp(playerid, params[])
{
	new mdp[129], query[256];
	if(sscanf(params,"s[33]", mdp)) return SendClientMessage(playerid, Gris, "Usage: /changermdp [Mot de Passe]");
	if(strlen(mdp) > 24 || strlen(mdp) < 6) return SendClientMessage(playerid, Gris, "Votre mot de passe doit faire entre 6 et 24 caractиres.");
	WP_Hash(mdp, 129, mdp);
	mysql_format(mysql, query, sizeof(query), "UPDATE `joueurs` SET `Password`='%e'  WHERE `ID`=%d ", mdp, pInfo[playerid][ID]);
	mysql_tquery(mysql, query, "", ""); 
	SendClientMessage(playerid, Jaune, "Votre mot de passe a bien йtй changй.");
	return 1;
}
I read that %e is escaped string and normally it's safe to use. But I wanted to be sure. Thank you.


Ps: For my register system, I've got the same question:
Cause here I'm using '%s' for the password, but should I use %e ?

Код:
            mysql_format(mysql, query, sizeof(query), "INSERT INTO `joueurs` (`Username`, `Password`, `IP`,`DerniereIP`, `Admin`, `VIP`, `Argent`, `Banque`, `posX` ,`posY`, `posZ`, `Interieur`, `World`, `Skin`, `Niveau`, `DateInscription`, `Bannis`, `Vie`, `Armure` ) VALUES ('%e', '%s', '%s', '%s', 0, 0, 1000, 0, 1527.5634, -1738.9218, 13.5469, 0, 0, 26, 1, '%s', 0, 100, 0)", Name[playerid], pInfo[playerid][Password], IP[playerid], IP[playerid], timeInscription);
            mysql_tquery(mysql, query, "", "");
Thank you
Reply
#2

Since the inputted password is hashed using Whirlpool, you only get a long string of 128 characters as a result.
Such a hash only consists of characters from A-Z and numbers 0-9.
There won't be any character in it that needs to be escaped, so you can safely use %s.

Even if the player entered a password like "; DROP TABLE joueurs" that could delete your table, the entire string is converted into a hashed one and SQL injection is automatically avoided.
Reply
#3

Sorry if I answer only now but Thank you !
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)