PHP-Blind SQL injection in "x-forwarded-for" header
Today I checked my script with Acunetix and found a "Blind SQL injection"
in one of my files.
Acunetix message:
Attack details
HTTP Header input x-forwarded-for was set to 1' and sleep(2)='
How to fix this vulnerability:
Your script should filter metacharacters from user input. Check detailed
information for more information about fixing this vulnerability.
I have escaped all input with the mysql_real_escape_string() function, but the error
still exists.
I tried to filter this header in my file with this code:
if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
mysql_real_escape_string(addslashes(($_SERVER['HTTP_X_FORWARDED_FOR'])));
But it doesn't work. Please help!
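
An added example, not code from the original post: mysql_real_escape_string() returns the escaped string and leaves its argument unchanged, so a call whose result is discarded filters nothing. The sketch below instead validates the header as an IP address and stores it through a bound parameter. The post does not show its query, so the `visits` table, the in-memory SQLite database, the helper names and the sample values are assumptions.

```php
<?php
// Added example. Assumptions: PDO with the SQLite driver, a hypothetical
// `visits` table, hypothetical helper names, and constructed header values.

// Return the header as a validated IP address, or null if it is not one.
// X-Forwarded-For is sent by the client, so it is untrusted input.
function client_ip_from_header(array $server): ?string
{
    if (!isset($server['HTTP_X_FORWARDED_FOR'])) {
        return null;
    }
    // The header may be a comma-separated proxy chain; take the first entry.
    $first = trim(explode(',', $server['HTTP_X_FORWARDED_FOR'])[0]);
    $ip = filter_var($first, FILTER_VALIDATE_IP);
    return $ip === false ? null : $ip;
}

// Store the value through a bound parameter, never by string concatenation.
function log_visit(PDO $db, ?string $ip): void
{
    $stmt = $db->prepare('INSERT INTO visits (ip) VALUES (:ip)');
    $type = $ip === null ? PDO::PARAM_NULL : PDO::PARAM_STR;
    $stmt->bindValue(':ip', $ip, $type);
    $stmt->execute();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE visits (id INTEGER PRIMARY KEY, ip TEXT)');

// Constructed inputs: the scanner's probe from the report, then two
// ordinary header values (single address, proxy chain).
$samples = [
    "1' and sleep(2)='",
    '203.0.113.7',
    '2001:db8::1, 198.51.100.2',
];
foreach ($samples as $value) {
    $ip = client_ip_from_header(['HTTP_X_FORWARDED_FOR' => $value]);
    log_visit($db, $ip);
    printf("%-28s => %s\n", $value, $ip ?? 'rejected (stored as NULL)');
}
```

The same two steps carry over to MySQL with PDO or mysqli prepared statements; the validation step alone is not a substitute for binding the parameter.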