Hi folks. I scanned my login script using the SQL Inject Me Firefox add-on.

According to the test results, my script was vulnerable to SQL injection. Sample results:

Results:
Server Status Code: 302 Found
Tested value: &#49&#39&#32&#79&#82&#32&#39&#49&#39&#61&#39&#49
Server Status Code: 302 Found
Tested value: 1' OR '1'='1
Server Status Code: 302 Found
Tested value: 1 UNI/**/ON SELECT ALL FROM WHERE
Server Status Code: 302 Found
Tested value: %31%27%20%4F%52%20%27%31%27%3D%27%31

My script

  1. login.php - Login form
  2. check-login.php - Checks the login details; here is the code.

    $email = clean($_POST['username']);
    $pass  = clean($_POST['password']);
    // the cleaned values are interpolated straight into the query string
    $user  = "select * from tbl_admin where admin='$email' and pass='$pass'";

    // some code

        $_SESSION['login_mes'] = "You have successfully logged in !";
        header("Location:admin.php");
        exit();
    } else {
        $_SESSION['login_mes'] = "Invalid email address or password, please try again.";
        header("Location:login.php");
        exit();
    }

The problem appears when the login fails. If I remove the

} else {

$_SESSION['login_mes'] = "Invalid email address or password, please try again.";
header("Location:login.php");
exit();
}

no failures are detected by SQL Inject Me. How do I fix this part?

+1  A: 

302 is the server's way of saying "I want you to go to [somewhere else]" (in this case login.php). It is not an error but a perfectly normal response. Especially in your case it makes much more sense (if you ask me) to send the user to a login page after a SQL injection attempt than to let him in.

Fredrik
Yeah, makes sense.
bob
+1  A: 

"// some code" doesn't help much, but the problem may be with this clean(). Try mysql_real_escape_string() instead.

Edit: As said above, a 302 code means "you are being forwarded". It doesn't mean the SQL injection was successful, but it doesn't mean it wasn't either. In this case you will only know that if you can determine where this 302 is forwarding you, to "admin.php" or "login.php".

Havenard
The clean function is working fine. The problem comes after `} else {`.
bob
We also know it wasn't successful, and that the redirect was to login.php, because when he removes that particular header("Location:...") the 302 is no longer detected. Having a 302 as an indication of successful SQL injection is a rather braindead idea IMHO; I wonder what they were thinking.
Fredrik
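Added example, not from the question or either answer: a Python stand-in for the check-login.php logic above, run against an in-memory SQLite table, that replays the tool's payloads and reports the redirect target instead of the status code (the point Fredrik and Havenard make), beside the parameterised form of the same query that fixes the problem. The table and the admin row are constructed sample data; the query text and column names come from the post; clean() is assumed to only trim whitespace, since the real function is not shown.

```python
import sqlite3

# Constructed sample data standing in for the poster's tbl_admin.
ADMIN_EMAIL = "admin@example.com"
ADMIN_PASS = "s3cret"

# Two of the values the SQL Inject Me results in the post list, as the server
# sees them after form decoding, plus a lone quote (not in the tool's list,
# added here because it is the simplest probe that breaks the SQL syntax).
PAYLOAD_TAUTOLOGY = "1' OR '1'='1"
PAYLOAD_GARBAGE = "1 UNI/**/ON SELECT ALL FROM WHERE"
PAYLOAD_QUOTE = "'"


def make_db():
    """In-memory table with the two columns the post's query uses."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table tbl_admin (admin text, pass text)")
    conn.execute("insert into tbl_admin values (?, ?)", (ADMIN_EMAIL, ADMIN_PASS))
    return conn


def clean(value):
    """Assumed stand-in for the poster's clean(): trims whitespace only, so it
    does nothing about quotes. The real function is not shown in the post."""
    return value.strip()


def respond(row):
    """Both branches of check-login.php answer with a redirect, so the status is
    302 whether or not the login succeeded; only the Location differs."""
    if row is not None:
        return (302, "admin.php")  # "You have successfully logged in !"
    return (302, "login.php")  # "Invalid email address or password ..."


def check_login_vulnerable(conn, email, pw):
    """The query exactly as built in the post: input interpolated into SQL."""
    user = f"select * from tbl_admin where admin='{clean(email)}' and pass='{clean(pw)}'"
    try:
        row = conn.execute(user).fetchone()
    except sqlite3.Error:
        # A payload that breaks the syntax (the lone quote) fails the query;
        # in the PHP that just falls through to the else branch: another 302.
        row = None
    return respond(row)


def check_login_fixed(conn, email, pw):
    """Same logic with placeholders: the values can never become SQL syntax."""
    row = conn.execute(
        "select * from tbl_admin where admin=? and pass=?",
        (clean(email), clean(pw)),
    ).fetchone()
    return respond(row)


def run_payloads(check):
    """Replay the payloads against one check and return the redirect target per
    case, which is the information the 302 alone does not carry."""
    conn = make_db()
    return {
        "real credentials": check(conn, ADMIN_EMAIL, ADMIN_PASS)[1],
        # admin='1' OR '1'='1' and pass='x': AND binds tighter than OR, so the
        # tautology in the username field alone still needs a matching password.
        "tautology in username": check(conn, PAYLOAD_TAUTOLOGY, "x")[1],
        # admin='x' and pass='1' OR '1'='1': the trailing OR makes the WHERE true.
        "tautology in password": check(conn, "x", PAYLOAD_TAUTOLOGY)[1],
        # no quote in this one, so it stays a harmless string literal.
        "garbage in username": check(conn, PAYLOAD_GARBAGE, "x")[1],
        "lone quote in username": check(conn, PAYLOAD_QUOTE, "x")[1],
    }


if __name__ == "__main__":
    for name, check in (("vulnerable", check_login_vulnerable), ("fixed", check_login_fixed)):
        print(name)
        for case, location in run_payloads(check).items():
            print(f"  {case:24s} -> 302 Found, Location: {location}")
```

With the interpolated query, the tautology placed in the password field lands on admin.php, which is the actual bypass; every other case, including the ones the tool flagged, lands on login.php with the same 302. With placeholders every payload lands on login.php, because the driver sends the values separately from the statement text. The PHP equivalent is a prepared statement (PDO `prepare()` with bound parameters, or mysqli's), which removes the need to get escaping right in clean() at all.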