Changing field names and table names will also help. so it will be hard for noobs like me to keep guessing it.
							
						
Lavalair Exploit
- 
Originally posted by thanatos:
> Changing field names and table names will also help. so it will be hard for noobs like me to keep guessing it.

Changing field names is good as long as you keep php error messages off and don't show mysql errors, as otherwise people can crash your sql to get field names
Last edited by something else; 30.05.10, 15:27.
- 
Originally posted by something else:
> going back to the original exploit you will need to cover your ip and browser details with mysql_real_escape_string and htmlspecialchars to stop people like mobileGIGs from injecting sql or malicious html into your site
> eg:
> PHP Code:
> //////////////////////////// get ip
> function getip(){
>     // HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are request headers, set by the client or a proxy
>     if(!empty($_SERVER['HTTP_CLIENT_IP'])){
>         $ip = $_SERVER['HTTP_CLIENT_IP'];
>     }else if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
>         $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
>     }else{
>         $ip = $_SERVER['REMOTE_ADDR'];
>     }
>     $ip = strtolower($ip);
>     // some proxies send "unknown" instead of an address: fall back to REMOTE_ADDR
>     if(substr_count($ip,"unknown")>0){
>         $ip = $_SERVER['REMOTE_ADDR'];
>     }
>     $ip = htmlspecialchars($ip);          // neutralise html before it is displayed
>     $ip = mysql_real_escape_string($ip);  // needs an open mysql_* connection (old mysql extension)
>     return $ip;
> }
> //////////////////////////////// get browser
> function getbrowser(){
>     // both headers may be missing, so check before reading them
>     $brws = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
>     $ope = isset($_SERVER['HTTP_X_OPERAMINI_PHONE_UA']) ? $_SERVER['HTTP_X_OPERAMINI_PHONE_UA'] : "";
>     if ($ope==""){
>         $br = $brws;
>     }else{
>         $br = "$ope $brws";
>     }
>     $br = htmlspecialchars($br);
>     $br = mysql_real_escape_string($br);
>     return $br;
> }

huh?..... they can even hack ur site using ip?
 Mobile chat, iphone chat, android chat, chat, rooms http://www.aiochat.com
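
A hardened take on the getip()/getbrowser() idea quoted above, combined with the earlier advice to keep PHP and MySQL errors off the page; this is an added example, not code from the thread or from the lavalair script. It assumes PHP 7.1+ with PDO and pdo_sqlite (an in-memory SQLite database stands in for the site's MySQL), and the `visits` table, the function names and the sample request are constructed for illustration.

```php
<?php
// Added example: hypothetical table and function names throughout.
ini_set('display_errors', '0');   // never show PHP/SQL errors to visitors
ini_set('log_errors', '1');       // keep them in the server log instead

// Only REMOTE_ADDR comes from the TCP connection; Client-IP and
// X-Forwarded-For are request headers a visitor can set to anything.
function client_ip(array $server): string {
    $ip = $server['REMOTE_ADDR'] ?? '';
    return filter_var($ip, FILTER_VALIDATE_IP) !== false ? $ip : 'invalid';
}

// Cap the user agent length; store it raw and encode only when printing.
function client_agent(array $server): string {
    $ua    = $server['HTTP_USER_AGENT'] ?? '';
    $opera = $server['HTTP_X_OPERAMINI_PHONE_UA'] ?? '';
    return substr(trim("$opera $ua"), 0, 255);
}

function log_visit(PDO $db, array $server): void {
    // Placeholders keep header data out of the SQL text entirely.
    $st = $db->prepare('INSERT INTO visits (ip, agent) VALUES (?, ?)');
    $st->execute([client_ip($server), client_agent($server)]);
}

function render_visits(PDO $db): string {
    $out = '';
    foreach ($db->query('SELECT ip, agent FROM visits') as $row) {
        // HTML-encode at output time, in the context where it is shown.
        $out .= '<li>' . htmlspecialchars($row['ip'], ENT_QUOTES, 'UTF-8') . ' '
              . htmlspecialchars($row['agent'], ENT_QUOTES, 'UTF-8') . "</li>\n";
    }
    return $out;
}

// Constructed request with hostile values in the client-controlled headers.
$request = [
    'REMOTE_ADDR'          => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => "1.1.1.1', 'x'); -- ",
    'HTTP_USER_AGENT'      => '<script>alert(1)</script> Mozilla/5.0',
];
$db = new PDO('sqlite::memory:');   // stand-in for the site's MySQL database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE visits (ip TEXT, agent TEXT)');
log_visit($db, $request);
echo render_visits($db);
```

The forged X-Forwarded-For value is never read, the user agent is stored as plain data through the placeholder, and the script tag comes out as inert `&lt;script&gt;` text in the rendered list.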
- 
lol i'm lucky cuz i always used <?php echo $_SERVER["REMOTE_ADDR"]; ?> to display ip =/
Mobile chat, iphone chat, android chat, chat, rooms http://www.aiochat.com
- 
Originally posted by thanatos:
> may i remind u again pipol dz discussion is for security protection of lavalair script. If ur damn GOOD at all, u might wana show it, not jst posting in words dat tells us dat u knw greater thngs, stop boastin around. Again and again, f.uck off a.ssholes if u got nothng good to share.

i think what u meant to say was ( may i remind you ppl that this yet another discussion for someone to do all the research and show me how to secure my lavalair script)
 
 my answer is look Look here i searched for you
 
 but im gona add if u need to make a topic about this your not gona understand what u read in which case delete the file called config.php and drop the database most probly called database and your done no will will be able to hack your site and u wont waste alot of ppls time.
 
 if u do understand coding there is about 915 matches on google surly if you read thru some off them u will see and understand what u need to do.
 
my best advice is to STOP USING LAVALAIR ALL TOGETHER and code your own script
Creator of Epix.Mobi
 
 Keep an Eye on us Big things coming soon!!!!
 Need something for your site hit me up here
 http://coding-talk.com/forum/main-fo...r-your-wapsite
- 
Originally posted by kevk3v:
> lol i'm lucky cuz i always used <?php echo $_SERVER["REMOTE_ADDR"]; ?> to display ip =/

u no this doesnt help u at all
theres programs to change your ip output and anyone that knows what there doing can always change there local ip address as well
Creator of Epix.Mobi
 
- 
 lol @ something else . . . U said i will inject what? Ha ha. Im a security auditor nw and i audit sites for firms part-time, pay my tuition with cash gained so except ANY OF THE SITES you own has a hole that can fetch me about 500+ bucks when i find it out then *read my lips* im nt FU.CKING interested!!!
 
 Theres a bigger world out of ur miniature brain box. U tink session jacking is the sh!t? Or maybe its sql injectn? Well newsflash, d only reason u knw just those is cuz u got a 2bit, 50 online max wapsite.
 
 Incase u wer wndrin, wot amy said was true, lava script and all its mods r like cheese, MANY HOLES.
- 
 gigs favorite insult "2 bit site" lol
 if your such a big time auditor what the hell are you doing on a site that is full of "2 bit site"? (as you call them)
 as i said before you just come here to make your self feel the big man. but if you read your posts you just make yourself look like a right...... well I dont need to say any more as your next post will do it for me lol
- 
 @loony, sorry i dnt have site anymore so i dnt hav nothng 2 worry about. and my intention is to share the vulnerabilities of lava script. its not ur problem if ppl wana use lava script. dats why i created dz topic so ppl cn discuss hir d holes of lava script and how to cover it up atleast to prevent sum1 frm j.acking it off. and btw not all ppl cn code his site in an instant esp 4 d newbies. and i bliv newbies cn make lava script as their basic foundation to learn a lot.
- 
Originally posted by thanatos:
> and oh btw id lyk 2 add dz. if ppl shud not use lava script anymore, its lyk ur saying, hey dnt cme 2 codingtalk anymore wer lava script is discussed evrytme? if lava script shud not b used at all then y most of d members hir hav used it and done modification? codingtalk is much more known for lava script discussion. if ppl r not going 2 use it, den wat ppl supposed 2 b discussing hir? its not a failure if u wil b hacked a millions time. Bt failure comes when u give up.

load of ****

this is just STUPID this site is called coding-talk not lava-talk i wouldnt say anything bad about the lava creators (amylee and irisblaze) are awesome and everyone owes them alot but im seriusly over all the **** about that script. the mods are all coded with major holes, most of the so called fixs have major holes saying that alot them actualy do work if u no how to adjust the code to add the fixs. why keep opening up new post asking the same question everyone on this site see's everyday use the search bar then u dont have to put up with ppl trolling your post's and wasting your time.
Creator of Epix.Mobi
 
- 
 And btw jst 4 e.g dz site has vulnerabilities too: http://www.bulacan.gov.ph/tesda/news....asp?newsid=-2 we see that even professionals has weakness. Everybody commits mistakes. So if a lot of u will contradict dz discussion, wat must be done then if we're not gonna take actions about lava holes? We'll jst say dnt use lava script so u wil not b hacked. U tink by coding ur own script, u wil not encounter any ataks at all? Dz is a topic wer i hope sum1 will learn out of dz. Not to contradict their beliefs,skills,idea etc etc.
- 
 lmao. What im doing ere? Its called 'keeping ur ears in d streets' in my line ov business its essential to knw whats nu, whats what, and wher it is. I go round ere, stackoverflow, php.net, secunia etc. Trust me im nt perculiar to just ere. Maybe u shud try it, it helps broaden ur views.
 
And kev u knw OOP? And u wer trying to instantiate a method like dis
PHP Code:
$test = new function();
$test->test();
in one ov ur threads? U just knw basic classes, go deeper. Advice nt insult.
 
 
 Next stop stackoverflow, adios til lata :-( miss yal.