SQL Hack


    #16
    Okay, it won't work, because someone who knows half of what he's doing won't come at you with that test you did. Btw, you should really ditch addslashes, man.

    Added after 2 minutes:

    And oh, if you are using what my man posted up there, at least filter your cookies and server globals; we don't want anything coming from there now, do we?
    Last edited by CreativityKills; 21.08.10, 21:17.



      #17
      This was only a quick fix to most problems ... I said use addslashes, as I said put it in config.php .... which is before database connecting, as you can't use mysql_real_escape_string due to no connection to the database...



        #18
        The best way to secure it: run any FTP client, something like FileZilla, log in to your FTP account, right-click your public_html dir, and delete it.. xD

        ~CREDITS TO GUMSLONE.

        Originally posted by rayjee
        M8, it's me, yggrassil, hehe. Here's the tip: you must secure your browser =)
        Noob suggestion. If you want to learn how to secure such a script, go to school and study PHP/SQL.. LOL
        Last edited by wapxtech; 03.11.10, 00:21.

        http://wapx.amob.com
        Applications, Games, Wallpapers, Ringtones, Videos, Themes, Screensaver and More!!!



          #19
          Noob suggestion. If you want to learn how to secure such a script, go to school and study PHP/SQL.. LOL
          lol. . . . . . . . . .


          http://www.toinx.org



            #20
            Originally posted by rayjee
            lol. . . . . . . . . .
            much better to quite lol! hehe,
            LESS TALK. LESS MISTAKE.

            HTTP://APPSROB.COM - LIST OF MY FACEBOOK APPS!



              #21
              Thanks for all the info.. I will try it..

              Added after 5 minutes:

              Thanks mate.. That means I must str replace all the bad code for the browser..
              Last edited by ewanz; 08.09.10, 18:55.
              our life is simple words....
              http://mygenkz.net
              ewanz06@yahoo.com
              PHP Code:
              $output = "i am NOoob....";
              $newfile = "ewanz.txt";
              $file = fopen($newfile, "w");
              fwrite($file, $output);
              fclose($file);



                #22
                In some cases the hacker does not know the name of the table or the column names, but he can use the same techniques to find these out.

                He needs to find out the name of the database that you are using. The function DATABASE() will give you that value. When he knows the name of the database being used, he can take guesses at the names of the tables.

                Does the current database contain the letter j?
                Code:
                ' OR EXISTS(SELECT 1 FROM dual WHERE database() LIKE '%j%') AND ''='
                Is there a table called one in database test?
                Code:
                ' OR EXISTS(SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='test' AND TABLE_NAME='one') AND ''='
                Is there more than one table in the database(s) containing a j?
                Code:
                 ' OR (SELECT COUNT(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA LIKE '%j%')>1 AND ''='
                Last edited by firemax; 09.09.10, 03:28.

                Free Mobile Web Scripts by me: Free Youtube Downloader, Tweets Reader, Facebook Wall Posts Reader
                PHP Tutorials: How to Secure Your PHP Script (PHP SECURITY)
                Want to Develop/Edit your WAP/Web Site? Add me to Gtalk (gmail) 'lakshan1989' or PM me.



                  #23
                  He is not injecting from the browser; he is injecting from edit profile, like where you change your password and user name etc. He puts a query there and updates all users' names or passwords etc.
                  left wap stuff



                    #24
                    Originally posted by ewanz
                    Thanks for all the info.. I will try it..

                    Added after 5 minutes:

                    Thanks mate.. That means I must str replace all the bad code for the browser..
                    Yup, friend.. Put the mysql_real_escape()..... UPDATE ubr and ip.. Thanks to Wap metal for teaching me how to secure that injection..


                    http://www.toinx.org



                      #25
                      Before this I had used cleanQuery like 0zzie had posted in the topic.. I put it on all get, post and request to secure from injection... Now, is it that I must remove it and replace it with the new one..


                        #26
                        Thanks for some info, tnt..



                          #27
                          Clean your POST and GET methods; it's simple and you don't have any problem with SQLi by that.



                            #28
                            Don't forget your cookies and user agents.. User agents especially are used because people tend to forget that they are also user input.
                            Perfection comes at a cost



                            I accept liberty!
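
The thread goes back and forth over which escaping function to call and which inputs to clean (POST, cookies, user agents, the edit-profile form). As an added example, not code from any poster: bound parameters via PDO keep every one of those inputs out of the SQL text, so the probe string from post #22 is stored and compared as plain data. The table names, column names and request arrays are assumptions, and an in-memory SQLite database (pdo_sqlite) is used only so the script runs offline.

```php
<?php
// Added example: parameter binding with PDO. Schema and sample data are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pass TEXT)');
$db->exec('CREATE TABLE visits (user_id INTEGER, agent TEXT, cookie TEXT)');

$add = $db->prepare('INSERT INTO users (name, pass) VALUES (?, ?)');
foreach (['alice', 'bob', 'carol'] as $n) {
    $add->execute([$n, password_hash("pw-$n", PASSWORD_DEFAULT)]);
}

// Constructed request data standing in for $_POST, $_COOKIE and $_SERVER:
// every field carries the probe string quoted in post #22.
$probe  = "' OR EXISTS(SELECT 1 FROM dual WHERE database() LIKE '%j%') AND ''='";
$post   = ['name' => $probe];
$cookie = ['sid' => $probe];
$server = ['HTTP_USER_AGENT' => $probe];

// Lookup: the probe is compared as an ordinary string, so no user matches.
$find = $db->prepare('SELECT id FROM users WHERE name = ?');
$find->execute([$post['name']]);
$matches = count($find->fetchAll());

// Edit profile (post #23): the WHERE clause is fixed in the statement and the
// id comes from the server-side session (assumed), so one row changes at most.
$sessionUserId = 2;
$upd = $db->prepare('UPDATE users SET name = ? WHERE id = ?');
$upd->execute([$post['name'], $sessionUserId]);
$changed = $upd->rowCount();

// Cookies and the User-Agent (posts #17 and #28) take the same path.
$log = $db->prepare('INSERT INTO visits (user_id, agent, cookie) VALUES (?, ?, ?)');
$log->execute([$sessionUserId, $server['HTTP_USER_AGENT'], $cookie['sid']]);

$names = $db->query('SELECT name FROM users ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
printf("lookup matches: %d\n", $matches);
printf("rows updated: %d\n", $changed);
printf("probe stored verbatim in row 2: %s\n", $names[1] === $probe ? 'yes' : 'no');
printf("rows 1 and 3 untouched: %s\n",
    ($names[0] === 'alice' && $names[2] === 'carol') ? 'yes' : 'no');
```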
