Monday, January 8, 2007

The Real World - SQL Injection

z0mg:
Recently one of ProjectSkyLine's employees found his email address on a list. A list that was sending him junk email (heh). Conveniently, at the bottom of the email was a link that allowed him to unsubscribe from the list. After visiting the page to do so, he noticed the URL parameter:

http://itsyoursnow.net/index.php?cat=

Despite the title, this is not SQL injection but a file inclusion bug: the page is attempting to include a .php file named by whatever is passed in the query string, i.e. $_GET['cat'] (the warnings below show the '.php' suffix being appended to the raw parameter). Oh, what a mess.

http://itsyoursnow.net/index.php?cat=../z0mg

Yields:
Warning: main(../z0mg.php): failed to open stream: No such file or directory in /var/www/itsyoursnow.net/htdocs/index.php on line 59

Warning: main(): Failed opening '../z0mg.php' for inclusion (include_path='.:/usr/local/lib/php') in /var/www/itsyoursnow.net/htdocs/index.php on line 59

Now we cannot go into details about exploiting this site, nor did our employee try. But you can clearly see why input validation is a must for web applications: the parameter is used as a path with nothing more than a suffix tacked on, and the warnings even disclose the absolute path of the document root (/var/www/itsyoursnow.net/htdocs), which is why display_errors should be off on a production site. There are plenty of things to try at this point, but we don't condone any of it!
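For contrast, here is the pattern the warnings point at next to a version that does not let the parameter touch the filesystem path. This is an added example written for this post, not the itsyoursnow.net code; the page names ('home', 'unsubscribe'), the 'pages/' directory and the resolve_page() function are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// --- Vulnerable pattern (reconstructed from the warnings; an assumption, not the site's code) ---
//   include($_GET['cat'] . '.php');
// '../z0mg' becomes '../z0mg.php': the parameter controls the path, and the
// appended suffix is not a control.

// --- Hardened version ---
// Assumption: every page index.php may show lives in a fixed directory and is
// reachable only through a short name listed here. The user's value is a key
// into this map; it is never concatenated into a path.
const PAGES = [
    'home'        => 'home.php',
    'unsubscribe' => 'unsubscribe.php',
];

/**
 * Map the untrusted ?cat= value to a file name from the allowlist.
 * Returns null for anything not listed, which covers traversal attempts,
 * embedded null bytes and arbitrary names alike.
 */
function resolve_page(?string $cat): ?string
{
    if ($cat === null || $cat === '') {
        return PAGES['home'];          // default page when the parameter is absent
    }
    return PAGES[$cat] ?? null;        // exact match only; unknown key => null
}

if (PHP_SAPI === 'cli') {
    // Offline self-check over constructed inputs (not real requests).
    $samples = ['home', 'unsubscribe', '../z0mg', '../../etc/passwd', "home\0", ''];
    foreach ($samples as $s) {
        $r = resolve_page($s);
        printf("%-22s => %s\n", json_encode($s), $r ?? 'rejected (404)');
    }
    exit;
}

// Web path: only a file from the allowlist can ever be included.
$cat  = isset($_GET['cat']) && is_string($_GET['cat']) ? $_GET['cat'] : null;
$file = resolve_page($cat);
if ($file === null) {
    http_response_code(404);
    exit('No such page');
}
include __DIR__ . '/pages/' . $file;
```

Run it from the command line (php index.php) to see which of the sample values resolve and which are rejected. The point is that a suffix, an include_path or a traversal filter is not the fix; the fix is that the request value selects from a fixed set of files and never becomes part of a path.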


Friends don't let friends code sh*t.

- psl
