Wap-landz hacked script

Its been hacked by huwad, is he your brother?

Its so lame to hack these sites for what?? Its been shared over and over b4 they just change the css layouts. It also puts ppl of from using the sites...

ah, it saddens me to see all these lava scripts getting hacked n shared...

cause basically they just sharing stuff that has been put together using the scripts that came before n everyone has access to, but seemingly can't be bothered to edit for themselves...

also, every time this happens whatever little additional security had been added is pretty much useless since anyone can read the code n work out ways around it... pretty much anyone can hack a lava script unless the directory names n function names been changed which normally doesn't seem to happen n guys wonder why they get hacked...

for example, using the little scripts i've been posting for my backup tools, etc with minimal effort one can make a 'shell' kinda script that pretty much defeats anything if you know the directory structure of a site... like it takes one upload in a gallery n one url to backup site n db n mail it to myself...

i'm not into that kinda stuff since this is misusing my knowledge... why other people feel they have a right to do such things is beyond me too...

ie: use the knowledge to help others n make WAP more massive, not to go mess up others hard work cause you too lazy to put more effort into coding things to make your site, unique or add more features, etc...

thanks for sharing anyway...

c0rrection pipz.. this script is n0t a lava script, its a free to use forum script but cann0t be edited/modified without a permission or not licensed(it is encoded) that can be downloaded to the web, as what iorkutvmi(site owner) says. He purchase this hacker's friendly script (quite funny but its the reallity) ived check the vulnerability of the script and its vulnerable to xss, can be injected in user profiles; and some of its weakness.. .
@pmbguy, 1 more correction, changing filenames, variables(obfuscate in other term), hiding your database, etc. will do nothing to protect your site.. its a matter of how you use functions in PHP and how to call on database. Im not a pro coder nor programmer, but i have a lil kn0wledge on how to secure a site..

ok, well i guess it won't do much to protect your site from pros, but it's better than running a straight lava script without modifying anything at all...

cause i know from experience before that a site i was hosting was getting sql injected into the ground, etc. as well as getting trashed with scripts through the galleries, etc...

after i redone the database n renamed a few actions and php files it stopped...

therefore, i know your site is safer if you go to the trouble of a bit of modification than if you don't...
also, i'm used to getting sites trashed, why you think i coded my backup tools that i've shared some of the code for on here...

that's why i said renaming is the first step of defense against getting lava based sites hacked... cause without renaming, half the guys i know who code can quote urls of the top of their head, thus if they get one admin sid, your site going down... plus sql injection: update ibwf users set perm = 4... that's not gonna work if your users table is sqiggly puff n perm is whoseurdaddy if you get my point...

hacking sites is made so much easier if you got a copy of the script cause you know where weaknesses are, etc...

ie; get admin sid, then use url to go to adminaction.php?action=delu&who=x&sid=sid kinda thing...

like there's loads of other stuff posted around on the forums about sql injection protection etc... i'm just quoting the methods that worked for me when i was still learning to code which was before i even knew xss existed...

yah, you have a point pmbguy, if the hacker is noob or just call them lazy they will not attempt to hack your site, but if they are despirate, they will look for sql errors, in that case your database tables will appear, ah! theres a solution i can give for you for that fckn trick.. but still.. you dont have clean query..

yeah man, i swear by errors off... saves them seeing all the secrets to how things work...

essential first line of config.php...

but if they memorized on how to put injection whats the use of 0 error displayed?

Added after 5 minutes:

but if they memorized on how to put injection whats the use of 0 error displayed?

config.php is missing

your brain is also missing...
there isnt any config.php at all...
it is SETTING.PHP
what holds the db name, user, pass, etc

Actually u have taken my brain thats why it is missin' L0L @metulj

hi there friends i have this script set up and i have set up the wildcard DNS and when i try to create a site it comes up with * The domain selected is invalid

please can some one help me with this pelase and thanks to any one that helps me with this