Securing a database


    Securing a database

    I didn't know how someone knows my database name, password or table name in phpMyAdmin.. If SQL injection.. I already put the block code via POST and URL.. Is it that someone can view my config or hack phpMyAdmin?? I'm really confused by that.. Can someone give me the answer on how to solve that? If I encrypt the database.. is that the solution..

    Added after 3 minutes:

    How about the SQL "all privileges" that I set.. So confused now.. How can they run SQL commands and inject...
    Last edited by ewanz; 03.09.10, 13:46.
    Our life is simple words....
    http://mygenkz.net
    ewanz06@yahoo.com
    PHP Code:
    $output = "i am NOoob....";
    $newfile = "ewanz.txt";
    $file = fopen($newfile, "w");
    fwrite($file, $output);
    fclose($file);

    #2
    Piss on the database name... just rename pass, perm, the main thing if you are using Lava mainly... just use your brain and think how the script you are using can be injected

    Added after 3 minutes:

    If he has edited your config then it means that he has guessed your password or has used brute force to enter your cPanel
    Last edited by BANDIT007; 03.09.10, 14:36.
    PRACTICE MAKES PERFECT KEEP TRYING UNTIL YOU ACHIEVE SOMETHING IN LIFE.
    IF YOU LIKE WHAT AM SHARING PLEASE DO SAY THANKS!!!
    THANK YOU LOL


      #3
      Renaming a table is not a solution for this problem, explore and learn.
      LESS TALK. LESS MISTAKE.

      HTTP://APPSROB.COM - LIST OF MY FACEBOOK APPS!


        #4
        Give some hints and tips please..


          #5
          how about our deal before?


            #6
            mysql_real_escape_string
            $id = (int) $_GET['id'];
            replace all characters used for SQL injection
            and many others
            <?php unlink('World/Europe/Romania.country'); ?>


              #7
              I have already done it before.. But it still happened too.. He can conquer the database.. How to block it?


                #8
                er..

                Originally posted by ewanz
                I have already done it before.. But it still happened too.. He can conquer the database.. How to block it?
                Maybe they don't know your table prefix/name.. they just use the current connection from your db and send a command that doesn't need to call a table name.. (maybe).. maybe all your data has been sent to an outsider..
                Visit my WEBSITE Project: http://www.aspirewap.net


                  #9
                  Add mysql_real_escape_string in your site on every GET and POST,
                  e.g.
                  if your line is like this for GET:
                  $id = $_GET['id'];

                  then change it to

                  $id = mysql_real_escape_string($_GET['id']);

                  For more you can visit php.net
                  Sandeep DiL (INDIAN)
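
The advice in posts #6 and #9 (integer cast, escaping every GET and POST value), as an added example that is not part of the original thread: it uses PDO prepared statements in place of mysql_real_escape_string, and separates the numeric case from the string case. SQLite in memory stands in for MySQL, and the users table and both helper function names are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// MySQL so the script runs offline; the users table and rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Numeric parameter (hypothetical helper). Escaping only protects a value
// that sits inside quotes in the SQL text; an id used as a bare number has
// no quotes around it, so validate it as an integer and bind it instead.
function find_user_by_id(PDO $pdo, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // not a positive integer: never reaches the database
    }
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// String parameter (hypothetical helper). The bound value travels as data,
// so quote characters in it cannot change the structure of the statement.
function find_user_by_name(PDO $pdo, string $rawName): ?array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->bindValue(':name', $rawName, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs standing in for $_GET['id'] and $_GET['name'].
foreach (['2', '2 OR 1=1', 'abc'] as $rawId) {
    var_dump(find_user_by_id($pdo, $rawId));
}
foreach (['bob', "bob' OR '1'='1"] as $rawName) {
    var_dump(find_user_by_name($pdo, $rawName));
}
```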



                    #10
                    Create a database password that is very complex to understand. Don't use a simple password such as text or numbers. Create a different database name and database user name. You may change the config permission of that script. You may set the config permission to 444 etc., which means other users cannot hack it.


                      #11
                      I think so.. But how can they know the db user and pwd to connect to the db as an outsider.. Is it a phpMyAdmin hack?


                        #12
                        They have probably got a shell script on your server to get your database details


                          #13
                          I had disabled shell execution on my server and turned off the uploader.. It possible... So confused now


                            #14
                            How did you disable them... as there is either a hole there, or via SQL injection, or by use of a WML variable if WML is used?


                              #15
                              Hole? I don't use WML.. Can you give some example?