Hello! I'm going through a lot of bugs, I've tried ALL the techniques I found on the internet that could prevent SQL Injection, and even then Havij can get my data.
This is the code for the page that I'm attacking:
<?php
// Connect to the database first so the escaping helper below has a live connection
$mysqli = new mysqli($MySQL_HOST, $MySQL_USER, $MySQL_USER_PASS, $MySQL_DB);
if ($mysqli->connect_error) {
    die("Erro ao conectar ao bando de dados");
}
// mysqli's escaping method replaces mysql_real_escape_string(), which no longer exists in PHP 7+
$id = $mysqli->real_escape_string($_GET['id'] ?? '');
$sql = $id;
// Keyword blacklist: the /i flag replaces sql_regcase() (removed in PHP 7), and the trailing
// backslash is doubled so the group actually closes (the original "\\)" left the "(" unclosed
// and made preg_replace() return NULL)
$sql = preg_replace("/(from|select|insert|delete|where|drop table|show tables|or|=|#|\*|--|\\\\)/i", "", $sql);
$sql = trim($sql);
$sql = strip_tags($sql);
$sql = addslashes($sql);
$id = $sql;
// Cast to integer: after this line only a number can reach the query, whatever was stripped above
$id = intval($id);
// Prepare the query
$sql = $mysqli->prepare('SELECT autor, noticia, data, titulo, tipo, logo FROM noticias WHERE id = ?') or die("erro ao preparar consulta");
// Bind the parameter, i --> int, datatype of column
$sql->bind_param('i', $id);
// Execute SQL
$sql->execute() or die("erro ao executar consulta");
$sql->bind_result($autor, $noticia, $data, $titulo, $tipo, $imagem);
$sql->fetch();
$sql->close();
I have tried to get the parameter directly from the SQL query, replacing it with a fixed number. I already tried to remove the search line, remove the connection line, and even BOTH! The site does not even work, but Havij attacks like crazy! No point in explaining! And to make matters worse, I activated the SQL logs thinking it might be picking up the connection alone and sending the queries alone or through another page, and all the answer I have is that it does half a dozen searches on the table with id 999999, nothing different! Now how does a program grab all my database with half a dozen SELECTs on a nonexistent id?
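An added example, not from the question or its author, that reproduces the integer-cast plus bound-parameter path in Python against an in-memory sqlite3 table (the `noticias` table and its rows are constructed here, and the `php_intval` helper is an assumption that approximates PHP's `intval()` on strings). It shows that a valid id, a nonexistent 999999, an injection-shaped string and non-numeric junk all reach the database as a single integer under the same SQL text, which is why a query log would show nothing but `WHERE id = <n>`; the concatenating function is included only to contrast the pattern the question's code avoids.

```python
import re
import sqlite3

# Constructed sample rows mirroring the column names in the question; not the poster's real data.
SAMPLE_ROWS = [
    (1, "ana", "texto da primeira noticia", "2012-05-01", "Primeira", "geral", "a.png"),
    (2, "bruno", "texto da segunda noticia", "2012-05-02", "Segunda", "esporte", "b.png"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory table with the question's column layout (constructed sample)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE noticias (id INTEGER PRIMARY KEY, autor TEXT, noticia TEXT,"
        " data TEXT, titulo TEXT, tipo TEXT, logo TEXT)"
    )
    conn.executemany("INSERT INTO noticias VALUES (?, ?, ?, ?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def php_intval(value: str) -> int:
    """Hypothetical helper approximating PHP's intval() on a string: optional leading
    whitespace and sign, then the leading run of digits; anything else yields 0."""
    m = re.match(r"\s*([+-]?\d+)", value)
    return int(m.group(1)) if m else 0


def fetch_noticia(conn: sqlite3.Connection, raw_id: str) -> list:
    """The hardened path from the question: cast to int, then bind as a parameter.
    The SQL text never changes and the only thing the attacker controls is one integer."""
    news_id = php_intval(raw_id)
    cur = conn.execute(
        "SELECT autor, noticia, data, titulo, tipo, logo FROM noticias WHERE id = ?",
        (news_id,),
    )
    return cur.fetchall()


def fetch_noticia_concat(conn: sqlite3.Connection, raw_id: str) -> list:
    """The pattern the question's code does NOT use, kept only for contrast: raw input
    spliced into the SQL text, which is what escaping and keyword blacklists were meant
    to defend and what a bound integer parameter makes unnecessary."""
    cur = conn.execute(
        "SELECT autor, noticia, data, titulo, tipo, logo FROM noticias WHERE id = " + raw_id
    )
    return cur.fetchall()


if __name__ == "__main__":
    conn = make_db()
    for raw in ["1", "999999", "1 OR 1=1", "abc"]:
        rows = fetch_noticia(conn, raw)
        print(f"{raw!r:12} -> bound int {php_intval(raw)!r:>8}, {len(rows)} row(s)")
```

Run it and every input collapses to a single bound integer: `999999` and `abc` return no rows, and the injection-shaped string returns exactly the one row for id 1, not the whole table. That matches what the SQL log in the question shows, a handful of `SELECT ... WHERE id = 999999` probes that return nothing.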