Instructions for using jSQL Injection, a multifunctional tool for finding and exploiting SQL injections in Kali Linux. Multi-level menu in PHP and MySQL

No website is complete without navigation, also called a “site menu.” A site menu can be single-level or multi-level, in the form of a tree. A single-level menu poses no particular implementation difficulties, but a multi-level menu needs careful thought.

The most important part of this task is designing the database for our multi-level menu. Let's create a Categories table with three fields, id, title and parent, where:

  • id - identifier
  • title - menu name
  • parent - parent category, 0 by default

The parent field is responsible for the branching of the menu. If parent = 0, the category is a top-level (parent) category. To add descendants to a parent category, put the id of the desired parent in their parent field. For example:

Tables with categories

As the table shows, the parent category Cars has two descendants, Mazda and Honda, linked through the parent field, and the category Motorcycles has two descendants, Kawasaki and Harley. The Boats category has no descendants. I hope you understand how to link categories.

Next we move from words to practice. Let's create a Categories table.

CREATE TABLE IF NOT EXISTS `categories` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `title` varchar(255) NOT NULL,
  `parent` int(10) unsigned NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=20;

--
-- Data dump from table `categories`
--

INSERT INTO `categories` (`id`, `title`, `parent`) VALUES
(1, 'Cars', 0),
(2, 'Motorcycles', 0),
(3, 'Mazda', 1),
(4, 'Honda', 1),
(5, 'Kawasaki', 2),
(6, 'Harley', 2),
(7, 'Mazda 3', 3),
(8, 'Mazda 6', 3),
(9, 'Sedan', 7),
(10, 'Hatchback', 7),
(11, 'Boats', 0),
(12, 'Liftback', 8),
(13, 'Crossover', 8),
(14, 'White', 13),
(15, 'Red', 13),
(16, 'Black', 13),
(17, 'Green', 13),
(18, 'Mazda CX', 3),
(19, 'Mazda MX', 3);

The work algorithm consists of the following:

Create a connection to the database

<?php
// The connection parameters are placeholders; replace them with your own
$mysqli = new mysqli("localhost", "db_user", "db_password", "db_name");

/*
 * This is the "official" object-oriented way to do this,
 * however $connect_error did not work until PHP versions 5.2.9 and 5.3.0.
 */
if ($mysqli->connect_error) {
    die("Connection error (" . $mysqli->connect_errno . ") " . $mysqli->connect_error);
}

/*
 * If you need to be sure of compatibility with versions prior to 5.2.9,
 * it is better to use this code
 */
if (mysqli_connect_error()) {
    die("Connection error (" . mysqli_connect_errno() . ") " . mysqli_connect_error());
}

// Set the connection character set once the connection is known to be good
$mysqli->query("SET NAMES 'utf8'");

Writing a function to get data from the Categories table

// Get our menu from the database as an array
function getCat($mysqli) {
    $sql = "SELECT * FROM `categories`";
    $res = $mysqli->query($sql);

    // Create an array where the key of the array is the menu ID
    $cat = array();
    while ($row = $res->fetch_assoc()) {
        $cat[$row["id"]] = $row;
    }
    return $cat;
}

We get an array like this, where the array key is the category ID.

Function for building a tree from an array, by Tommy Lacroix

// Function for building a tree from an array, by Tommy Lacroix
function getTree($dataset) {
    $tree = array();

    foreach ($dataset as $id => &$node) {
        if (!$node["parent"]) {
            // No parent: this is a root node of the tree
            $tree[$id] = &$node;
        } else {
            // Has a parent: attach the node to its parent's "childs" list
            $dataset[$node["parent"]]["childs"][$id] = &$node;
        }
    }

    return $tree;
}

We get an array in the form of a tree

Entire script

<?php
// The connection parameters are placeholders; replace them with your own
$mysqli = new mysqli("localhost", "db_user", "db_password", "db_name");

/*
 * This is the "official" object-oriented way to do this,
 * however $connect_error did not work until PHP versions 5.2.9 and 5.3.0.
 */
if ($mysqli->connect_error) {
    die("Connection error (" . $mysqli->connect_errno . ") " . $mysqli->connect_error);
}

/*
 * If you need to be sure of compatibility with versions prior to 5.2.9,
 * it is better to use this code
 */
if (mysqli_connect_error()) {
    die("Connection error (" . mysqli_connect_errno() . ") " . mysqli_connect_error());
}

$mysqli->query("SET NAMES 'utf8'");

// Get our menu from the database as an array
function getCat($mysqli) {
    $sql = "SELECT * FROM `categories`";
    $res = $mysqli->query($sql);

    // Create an array where the array key is the menu ID
    $cat = array();
    while ($row = $res->fetch_assoc()) {
        $cat[$row["id"]] = $row;
    }
    return $cat;
}

// Function for building a tree from an array, by Tommy Lacroix
function getTree($dataset) {
    $tree = array();

    foreach ($dataset as $id => &$node) {
        if (!$node["parent"]) {
            // No parent: this is a root node of the tree
            $tree[$id] = &$node;
        } else {
            // Has a parent: attach the node to its parent's "childs" list
            $dataset[$node["parent"]]["childs"][$id] = &$node;
        }
    }

    return $tree;
}

// Get the prepared array with data
$cat = getCat($mysqli);

// Create the menu tree
$tree = getTree($cat);

// Template for displaying the menu as a tree.
// Assumed markup: a nested <ul>/<li> list (the tags did not survive on this page).
function tplMenu($category) {
    // Escape the title so that markup stored in the database is shown as text
    $menu = "<li>" . htmlspecialchars($category["title"]);

    if (isset($category["childs"])) {
        $menu .= "<ul>" . showCat($category["childs"]) . "</ul>";
    }
    $menu .= "</li>";

    return $menu;
}

/**
 * Read our template recursively
 **/
function showCat($data) {
    $string = "";
    foreach ($data as $item) {
        $string .= tplMenu($item);
    }
    return $string;
}

// Get the HTML markup
$cat_menu = showCat($tree);

// Display it
echo "<ul>" . $cat_menu . "</ul>";
?>

    Result of work

    Multi-level menu in PHP + MySQL for admin panel

    If you want to use this menu in the admin panel of your site, you need to rewrite a couple of functions: tplMenu() and showCat().

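    <?php
    // The opening of tplMenu() is missing from this page. The signature, the
    // top-level test and the <option>/<select> markup are assumptions based on
    // the calls below and on the result shown after the script.
    function tplMenu($category, $str) {
        // Escape the title so that markup stored in the database is shown as text
        $title = htmlspecialchars($category["title"]);

        if ($category["parent"] == 0) {
            $menu = "<option>" . $title . "</option>";
        } else {
            $menu = "<option>" . $str . " " . $title . "</option>";
        }

        if (isset($category["childs"])) {
            // One more arrow for each nesting level
            $str .= "→";
            $menu .= showCat($category["childs"], $str);
        }
        return $menu;
    }

    /**
     * Read our template recursively
     **/
    function showCat($data, $str) {
        $string = "";
        foreach ($data as $item) {
            $string .= tplMenu($item, $str);
        }
        return $string;
    }

    // Get the HTML markup
    $cat_menu = showCat($tree, "");

    // Display it
    echo "<select>" . $cat_menu . "</select>";
    ?>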

    Result of work

    Select Cars → Mazda →→ Mazda 3 →→→ Sedan →→→ Hatchback →→ Mazda 6 →→→ Liftback →→→ Crossover →→→→ White →→→→ Red → →→→ Black →→→→ Green →→ Mazda CX →→ Mazda MX → Honda Motorcycles → Kawasaki → Harley Boats

    Run the downloaded file by double clicking (you need to have a virtual machine).

    3. Anonymity when checking a site for SQL injection

    Setting up Tor and Privoxy in Kali Linux

    [Section under development]

    Setting up Tor and Privoxy on Windows

    [Section under development]

    Proxy settings in jSQL Injection

    [Section under development]

    4. Checking the site for SQL injection with jSQL Injection

    Working with the program is extremely simple. Just enter the website address and press ENTER.

    The following screenshot shows that the site is vulnerable to three types of SQL injections (information about them is indicated in the lower right corner). By clicking on the names of injections you can switch the method used:

    Also, the existing databases have already been displayed to us.

    You can view the contents of each table:

    Typically, the most interesting thing about tables is the administrator credentials.

    If you are lucky and you find the administrator’s data, then it’s too early to rejoice. You still need to find the admin panel where to enter this data.
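What a scanner of this kind detects is a query assembled from request input. As an added example (not code from the original page), the script below runs the same lookup against the categories table from the menu tutorial in two forms, concatenated and parameterized. The function names are hypothetical, and PDO with an in-memory SQLite database is an assumption made so that it runs without a database server.

```php
<?php
// Added example, not from the original page.
// Assumption: PDO with in-memory SQLite stands in for MySQL so the script
// runs without a server; the table mirrors the tutorial's `categories`.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE categories (
    id INTEGER PRIMARY KEY, title TEXT NOT NULL, parent INTEGER NOT NULL)');
$pdo->exec("INSERT INTO categories (id, title, parent) VALUES
    (1, 'Cars', 0), (2, 'Motorcycles', 0), (3, 'Mazda', 1),
    (4, 'Honda', 1), (11, 'Boats', 0)");

/** Vulnerable form: the request value becomes part of the SQL text. */
function childrenUnsafe(PDO $pdo, string $parent): array
{
    $sql = "SELECT id, title FROM categories WHERE parent = $parent";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

/** Hardened form: validate the type, then bind the value as a parameter. */
function childrenSafe(PDO $pdo, string $parent): array
{
    if (!ctype_digit($parent)) {
        return []; // not a non-negative integer: refuse instead of querying
    }
    $stmt = $pdo->prepare(
        'SELECT id, title FROM categories WHERE parent = :parent');
    $stmt->bindValue(':parent', (int) $parent, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request values: a normal id and one carrying extra SQL
foreach (['1', '1 OR 1=1'] as $input) {
    printf("%-10s unsafe: %d row(s), safe: %d row(s)\n",
        $input,
        count(childrenUnsafe($pdo, $input)),
        count(childrenSafe($pdo, $input)));
}
```

With the second value the concatenated query returns every row in the table, while the parameterized function returns none.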

    5. Search for admin panels with jSQL Injection

    To do this, go to the next tab. Here we are greeted with a list of possible addresses. You can select one or more pages to check:

    The convenience lies in the fact that you do not need to use other programs.

    Unfortunately, there are not very many careless programmers who store passwords in clear text. Quite often in the password line we see something like

    8743b52063cd84097a65d1633f5c74f5

    This is a hash. The original value can be recovered from it by brute force. And... jSQL Injection has a built-in brute forcer.

    6. Brute force hashes using jSQL Injection

    The undoubted convenience is that you do not need to look for other programs. There is support for many of the most popular hashes.

    This is not the best option. In order to become a guru in decoding hashes, the Book “” in Russian is recommended.

    But, of course, when there is no other program at hand or there is no time to study, jSQL Injection with its built-in brute force function will come in very handy.

    There are settings: you can set which characters are included in the password, the password length range.
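Seen from the side of the site owner, a 32-character hexadecimal value like the one above has the length of an unsalted MD5 digest, which is what makes brute force practical. The following added example (not code from the original page) shows one way to move such records to PHP's password_hash() at the next successful login; the record layout and function names are hypothetical.

```php
<?php
// Added example, not from the original page. The user record and the
// password are constructed sample values.

/** True if the stored value looks like a legacy unsalted MD5 hex digest. */
function isLegacyMd5(string $stored): bool
{
    return (bool) preg_match('/^[0-9a-f]{32}$/i', $stored);
}

/**
 * Check a login attempt against the stored hash.
 * Returns [bool $ok, ?string $newHash]; $newHash is set when the stored
 * value should be replaced by a stronger hash.
 */
function verifyAndUpgrade(string $password, string $stored): array
{
    if (isLegacyMd5($stored)) {
        // Constant-time comparison against the legacy digest
        $ok = hash_equals(strtolower($stored), md5($password));
        return [$ok, $ok ? password_hash($password, PASSWORD_DEFAULT) : null];
    }

    $ok = password_verify($password, $stored);
    $needsRehash = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    return [$ok, $needsRehash ? password_hash($password, PASSWORD_DEFAULT) : null];
}

// Constructed legacy record, as it would sit in the users table
$user = ['login' => 'admin', 'hash' => md5('constructed-sample-password')];

// First login after deployment: verified against MD5, then upgraded
[$ok, $newHash] = verifyAndUpgrade('constructed-sample-password', $user['hash']);
if ($ok && $newHash !== null) {
    $user['hash'] = $newHash; // in a real application, write this back to the database
}
printf("first login ok: %s, legacy format left: %s\n",
    var_export($ok, true), var_export(isLegacyMd5($user['hash']), true));

// Later logins go through password_verify() only
[$okAgain] = verifyAndUpgrade('constructed-sample-password', $user['hash']);
[$okWrong] = verifyAndUpgrade('wrong-password', $user['hash']);
printf("second login ok: %s, wrong password ok: %s\n",
    var_export($okAgain, true), var_export($okWrong, true));
```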

    7. File operations after detecting SQL injections

    In addition to operations with databases - reading and modifying them, if SQL injections are detected, the following file operations can be performed:

    • reading files on the server
    • uploading new files to the server
    • uploading shells to the server

    And all this is implemented in jSQL Injection!

    There are restrictions: the SQL server account must have file privileges. Sensible system administrators disable them, and in that case it is not possible to gain access to the file system.

    The presence of file privileges is quite simple to check. Go to one of the tabs (reading files, creating a shell, uploading a new file) and try to perform one of the specified operations.

    Another very important note - we need to know the exact absolute path to the file with which we will work - otherwise nothing will work.

    Look at the following screenshot:

    Any attempt to operate on a file gets the following response: No FILE privilege (no file privileges). And nothing can be done here.

    If instead you have another error:

    Problem writing into [directory_name]

    This means that you incorrectly specified the absolute path where you want to write the file.

    In order to guess an absolute path, you need to at least know the operating system the server is running on. To do this, switch to the Network tab.

    A record like this one (the string Win64) gives us reason to assume that we are dealing with Windows:

    Keep-Alive: timeout=5, max=99
    Server: Apache/2.4.17 (Win64) PHP/7.0.0RC6
    Connection: Keep-Alive
    Method: HTTP/1.1 200 OK
    Content-Length: 353
    Date: Fri, 11 Dec 2015 11:48:31 GMT
    X-Powered-By: PHP/7.0.0RC6
    Content-Type: text/html; charset=UTF-8

    Here we have some Unix (*BSD, Linux):

    Transfer-Encoding: chunked
    Date: Fri, 11 Dec 2015 11:57:02 GMT
    Method: HTTP/1.1 200 OK
    Keep-Alive: timeout=3, max=100
    Connection: keep-alive
    Content-Type: text/html
    X-Powered-By: PHP/5.3.29
    Server: Apache/2.2.31 (Unix)

    And here we have CentOS:

    Method: HTTP/1.1 200 OK
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Set-Cookie: PHPSESSID=9p60gtunrv7g41iurr814h9rd0; path=/
    Connection: keep-alive
    X-Cache-Lookup: MISS from t1.hoster.ru:6666
    Server: Apache/2.2.15 (CentOS)
    X-Powered-By: PHP/5.4.37
    X-Cache: MISS from t1.hoster.ru
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Date: Fri, 11 Dec 2015 12:08:54 GMT
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=WINDOWS-1251

    On Windows, a typical folder for sites is C:\Server\data\htdocs\. But, in fact, if someone “thought of” making a server on Windows, then, very likely, this person has not heard anything about privileges. Therefore, you should start trying directly from the C:/Windows/ directory:

    As you can see, everything went fine the first time.

    But the jSQL Injection shells themselves raise doubts in my mind. If you have file privileges, then you can easily upload something with a web interface.
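Everything in this section depends on the database account holding the FILE privilege, so that is the thing for an administrator to audit. The added example below (not code from the original page) checks lines in the format printed by MySQL's SHOW GRANTS for the global FILE privilege and explains a secure_file_priv value; the grant lines and account names are constructed, and the function names are hypothetical.

```php
<?php
// Added example, not from the original page. The grant lines are constructed
// samples in the format printed by SHOW GRANTS; the account names are made up.

/**
 * Return the account from a GRANT line if the grant includes the global
 * FILE privilege, otherwise null.
 */
function fileGrantAccount(string $grantLine): ?string
{
    // FILE is a global privilege, so only grants "ON *.*" can carry it
    if (!preg_match('/^GRANT\s+(.+?)\s+ON\s+\*\.\*\s+TO\s+(\S+)/i', $grantLine, $m)) {
        return null;
    }
    $privs = array_map('trim', explode(',', strtoupper($m[1])));
    foreach (['FILE', 'ALL', 'ALL PRIVILEGES'] as $p) {
        if (in_array($p, $privs, true)) {
            return $m[2];
        }
    }
    return null;
}

/** Describe a secure_file_priv value; PHP null stands for SQL NULL. */
function describeSecureFilePriv(?string $value): string
{
    if ($value === null) {
        return 'file import and export are disabled';
    }
    if ($value === '') {
        return 'no restriction on paths';
    }
    return "limited to directory $value";
}

// Constructed SHOW GRANTS output for four accounts
$grants = [
    'GRANT USAGE ON *.* TO `report`@`localhost`',
    'GRANT SELECT, INSERT, UPDATE, FILE ON *.* TO `webapp`@`localhost`',
    'GRANT ALL PRIVILEGES ON `shop`.* TO `shopapp`@`localhost`',
    'GRANT ALL PRIVILEGES ON *.* TO `legacy`@`%` WITH GRANT OPTION',
];

foreach ($grants as $line) {
    $account = fileGrantAccount($line);
    if ($account !== null) {
        echo "FILE privilege held by $account\n";
    }
}

// Constructed values of the secure_file_priv server variable
foreach ([null, '', '/var/lib/mysql-files/'] as $value) {
    printf("secure_file_priv = %s: %s\n",
        var_export($value, true), describeSecureFilePriv($value));
}
```

In MySQL the privilege is withdrawn with REVOKE FILE ON *.* FROM the account concerned, and secure_file_priv is set in the server configuration and read at startup.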

    8. Bulk checking of sites for SQL injections

    Even this function is available in jSQL Injection. Everything is extremely simple: load a list of sites (it can be imported from a file), select the ones you want to check and click the appropriate button to start the operation.

    Conclusion from jSQL Injection

    jSQL Injection is a good, powerful tool for searching and then using SQL injections found on websites. Its undoubted advantages: ease of use, built-in related functions. jSQL Injection can be a beginner's best friend when analyzing websites.

    Among the shortcomings, I would note the impossibility of editing databases (at least I did not find this functionality). As with all GUI tools, one of the disadvantages of this program can be attributed to its inability to be used in scripts. Nevertheless, some automation is also possible in this program - thanks to the built-in function of mass site scanning.


    In the blog article before last, I wrote about the interesting innovations of the latest version of WordPress: a special mechanism for creating and managing menus. It is now much more convenient and easier for ordinary users to create menus of varying complexity, which can consist not only of pages or blog categories but can also link to any URL. To display the menu in a template, the special function wp_nav_menu is used, and I'll tell you about it today.

    If there is no menu section in the WordPress admin, you can activate it by adding special code to the functions.php file

    Here first is the name of the menu we created. This is the use of a function in the general case without widgets; you will need to work with them a little differently there. However, the wp_nav_menu function can be output without arguments, as a result of which different situations will be “looked through” - first, a match by menu name, if at least one menu item is specified for it, otherwise a non-empty menu will simply be displayed, etc. . But again, I advise you to simply use the code above and not figure out what the function without arguments should output. Its syntax is as follows:

    The following parameters are used here:

    $menu— selected identifier for the menu — ID, slug or menu name.

    $container- The UL menu is “wrapped” in a DIV container by default using this setting.

    $container_class— indicates the class of the container, by default its value is menu-(menu slug)-container, that is, in our case, for example, there will be a class menu-first-container.

    $container_id— you can add an ID to the container, not specified by default.

    $menu_class— class for the UL menu element, its value is menu.

    $menu_id— ID for the ul element, defaults to menu-(slug)

    $echo— if you do not want to display the menu, but return the value of the function, use the value 0 for this setting.

    $fallback_cb— if the menu does not exist, the wp_page_menu function is called.

    $before— sets the text that is displayed before link A.

    $link_before— displays the phrase before the link text, not specified.

    $link_after— displayed after the link text, also empty.

    $depth— sets the number of hierarchy levels to display the menu; the default value 0 displays the entire menu.

    $walker- some kind of incomprehensible custom “walker object”, probably more needed by advanced developers.

    $theme_location— the theme location where the menu will be used must be activated via register_nav_menu() in order for the user to be able to select it. Also some kind of not entirely clear setting, apparently, when working with widgets.

    Examples of using the wp_nav_menu function

    The simplest code given in the code is:

    Removing the DIV container from the menu

    <?php wp_nav_menu(array("container" => "")); ?>

    In principle, there is nothing complicated in creating and managing a WordPress 3.0 menu. The developers have significantly simplified the work procedure and expanded the capabilities of this navigation element. The solution is often used in a variety of template tasks, for example, when creating for mobile and desktop versions. A little later I will add a couple more snippets on the topic.


    Because it exposes the contents of the menu.php module. Below we will present our own menu development in PHP, which was written from scratch in a notepad.

    This code will be especially useful for dynamic sites that have custom engines. I will offer two code options that have minor differences (the differences will be explained later).

    To begin with, I will give an approximate structure of the site for which this menu is suitable. The site structure should look like this (classic view):

    /index.html
    /razdel_1/
    /razdel_1/articles_1.html
    /razdel_1/articles_2.html
    ...
    /razdel_2/
    /razdel_2/articles_1.html
    /razdel_2/articles_2.html
    ...
    ...
    ...
    /razdel_N/articles_2.html

    The site may also contain subsections for sections:

    /razdel_1/podzaderl_1/
    /razdel_1/podzaderl_1/articles_1.html
    /razdel_1/podzaderl_1/articles_2.html
    ...
    /razdel_1/podzaderl_2/articles_1.html
    /razdel_1/podzaderl_2/articles_2.html

    This structure will also work for our menu with only minor differences.

    I suggest creating a separate file for the menu in php. For example, menu.php would be a great name for such a file. To implement the menu, a menu style in CSS is also provided to immediately make it more or less beautiful. Naturally, this style is given for reference only, since the designs of the sites are very different.

    Code for menu styling in CSS:

    .menu {
        height: 42px;
        padding: 0 0 0 16px;
        background: url(images/spacer.png) repeat;
    }
    .menu li {
        display: block;
        float: left;
    }
    .menu li.active {
        background: #000011;
    }
    .menu a {
        color: #FFF;
        display: block;
        line-height: 42px;
        text-decoration: none;
        padding: 0 14px;
    }
    .menu a:hover {
        background: url(images/spacer.png) repeat;
    }

    Now, let's look at the first option for implementing a menu in PHP, which is a little simplified.

    The first version of the menu code in PHP

    \n"; for ($i=0;$i ": "
  • "; echo " ".$array_menu[$i]["name"]."
  • \n"; ) echo ""; ?>

    The menu can be divided into two parts. The first contains the $array_menu information array, which holds the names of our sections together with links to them. This data could be stored in a MySQL database instead, but there is little point: the data set is very small, so it would not affect speed.

    The second part outputs the menu in a for loop. The loop compares the address of the current page with the address from the $array_menu array. If they match, the menu item is output with the special class active, <li class="active">, otherwise as a plain <li>. This lets us highlight in some color the part of the menu in which the user is located. In my opinion, any site needs this so that the user can tell which section he is in.

    The order in the array will be preserved when the menu is displayed on the site. That is, the array must be filled in the order in which the menu should be displayed.

    Note:
    If the URLs (addresses) of the section headings look like:
    /section_1
    or like this
    /razdel_1/nazvanie_razdela.html
    then you need to write an exact match in array_menu:
    $array_menu[$i]["url"]="/razdel_1"
    or for the second case:
    $array_menu[$i]["url"]="/razdel_1/nazvanie_razdela.html";

    How does the first menu option work?
    It only highlights the menu if you are at the section header address. For example, if the page address is /razdel_1/articles_1.html, then the menu will not be highlighted in any way.

    The second version of the code is a modified version of the first and provides the ability to highlight menus even in articles that are located in sections.

    The second version of the menu code in PHP

    "; for ($i=0;$i ": "
  • "; echo "".$array_menu[$i]["title"]."
  • "; ) else ( echo ($URL) == ($array_menu[$i]["url"]) ? "
  • ": "
  • "; echo "".$array_menu[$i]["title"]."
  • "; ) ) echo ""; ?>

    If you are interested in the answer to the question of how to create a website menu, then you have come to the right address.

    We will look at creating a dynamic menu in PHP, written specifically for programming dummies, as well as for those who are completely out of the loop.

    Lesson 3. Making a menu in php for a website dynamic - for dummies

    Let's create the future layout of our website. To do this, we’ll draw a super beautiful website in Photoshop and cut it into pieces. Let's imagine that the header, logo, menu and footer are not written in words, as in this example, but these are elegantly and colorfully designed elements of the site.

    Let's create three pages for example and call them Section 1, Section 2, Section 3

    This text will be different for different pages, but we won’t bother with it and will leave it as is on all pages.

    Let's start creating a website in PHP.

    1. Move the header, logo, menu and footer blocks into separate files with the php or html extension

    header.html

    logo.html

    menu.html

    footer.html

    Let's add a file with this text so that we can see it on all pages. Let's call it text.html

    Note. From now on, I will write further notes directly in the file text.html

    2. Let's create a template for our website in PHP.

    To do this, we will do a simple thing: save the current file, but with the php extension, and erase all the text content. It may not be professional, but it is easy to follow, and we will complicate things later. For now the main thing is to understand the principle of layout.

    3. Now we don't need the template.html file.

    Thanks to it, we have an idea of what our site will look like.

    4. Our template is template.php file

    We will now insert all the site elements into it using the include command.

    5. Let's create three pages, as we were going to do initially.

    Section 1, let's call 1.php

    Section 2, let's call 2.php

    Section 3, let's call 3.php

    To do this, you can use the simplest command save as...

    Let me explain for the little ones: open the file template.php, then press save as... and save it under the name 1.php, repeat the procedure and save the site pages sequentially 2.php, 3.php

    We ended up with 3 pages with the same design. Just include another file in place of text.html, add different pictures, HTML code or scripts, and the content of each page will be unique.

    Attention!

    If no index.php file is created for the main page, then typing the site address in the browser will show not the site itself but only the directory structure (a list of folders).

    You can look in Denver and see for yourself. Let's fix the situation: create a file index.php and, without further ado, call the page home. At the same time, let's create a file text-home.html and use the include command to insert it into the newly created main page of the site.

    6. How to view a website in php?

    We cannot simply open the result as before: this is no longer a template with an html extension.

    But that is not a problem either. We need our own local server on the computer. To do this, we'll install Denver and look at the result of our work in a browser without going online.

    Now everything is in order. I typed in the site address and saw everything that had just been created, properly rendered with its design.

    Now let's take on the site's PHP menu.

    1. Open the file menu.html and turn sections 1, 2 and 3 into links on the site. Links in PHP are created in different ways.

    Our task is to get a feel for a site created in PHP. Therefore, we will make the links as on a regular static site: Section 1, etc.

    I absolutely love this link creation process in Macromedia Dreamweaver. Just keep pressing OK and drinking coffee.

    2. How to make a link in the menu inactive if the visitor is on this page.

    It will be more convenient for the visitor to navigate the site knowing which page he is on.

    If you have followed all the steps strictly point by point, you will see that all the links in the menu are always active. How to fix it?

    First, let's recall what conditional statements are: an action is performed or not performed depending on a condition.

    Let's do the following:

    • We will need variables and one conditional operator:

    if ($master == "Main")// this condition. If it is executed, then in this place of the menu, using the echo command, ordinary HTML tags are inserted that display the inscription “Home”.

    echo "

    home

    ";

    else// means “otherwise” - what will happen if the condition is not met. In this case, if the condition is not met, the inscription “Home” will be a link leading to the main page.

    echo "

    home

    ";

    • We have written the condition, but for the variable to be checked, it has to be set.

    To do this, we will place the following code blocks on all pages:

    $master = "Main";

    $master = "Section 1";

    $master = "Section 2";

    $master = "Section 3";

    As you can see, each page has its own code.

    So, our practical steps for creating a PHP menu will be as follows:

    1) Open the file index.php

    and paste the code

    $master = "Main";

    to the place where you insert the code that displays the site menu itself include "menu.html";
    ?>

    2) Open the file menu.html and insert the code with the condition instead of a simple html link to the main page.

    We look in the browser and admire! If we go to the main page, the link is no longer active!

    3) Repeat points 1 and 2 with pages 1.php, 2.php, 3.php

    Repetition 1:

    1) Open file 1.php and insert before the code that displays a menu block with a given variable

    $master = "Section 1";

    2) Open the menu.html file and insert the code with the condition instead of a simple link Section 1, making the following changes:

    if ($master == "Section 1")// this condition. If it is executed, then in this place of the menu, using the echo command, ordinary HTML tags are inserted that display the inscription “Section 1”.

    echo "

    Section 1

    ";

    else// means “otherwise” - what will happen if the condition is not met. In this case, if the condition is not met, the inscription “Section 1” will be a link leading to the main page.

    echo "

    Section 1

    ";

    The miracle happened again! Now if we are on the page Section 1, the link in the menu is not active.

    Repetition is the mother of learning! Once more, for those who are out of the loop:

    Repetition 2

    1) Open file 2.php and paste the code.

    $master = "Section 2";

    2) Open the menu.html file again and paste the code with the condition

    if ($master == "Section 2")// this condition. If it is executed, then in this place of the menu, using the echo command, ordinary HTML tags are inserted that display the inscription “Section 2”.

    echo "

    Section 2

    ";

    else// means “otherwise” - what will happen if the condition is not met. In this case, if the condition is not met, the inscription “Section 2” will be a link leading to the main page.

    echo "

    Section 2

    ";

    Repetition 3

    1) Open file 3.php and set the variable.

    $master = "Section 3";

    2) In the menu.html file we insert the code with a condition instead of a link Section 3, the changes are:

    if ($master == "Section 3")// this condition. If it is executed, then in this place of the menu, using the echo command, ordinary HTML tags are inserted that display the inscription “Section 3”.

    echo "

    Section 3

    ";

    else// means “otherwise” - what will happen if the condition is not met. In this case, if the condition is not met, the inscription “Section 3” will be a link leading to the main page.

    echo "

    Section 3

    ";

    Bottom line: instead of links in this type of menu

    home


    Section 1

    Section 2


    Section 3

    This lesson about php was written in response to numerous requests from site visitors and is a practical guide to learning how to create a dynamic menu for a site in php.

    The next webmaster's cheat sheet will tell you how to make unique titles, descriptions and keywords for each page in PHP.

    You can download the archive with all the site template and php menu files. Recommended for those new to programming.

    If you are ready to seriously study PHP, then it is difficult to find a better video course from Popov. He has a lot of experience and a good style.
