[Help] DMNCMS Injections

[MaF1oZo]

Hi all,who know any dmncms holes,for sql inj and write how to fix it?i read today that some hole at market,is it true?

 

[Dope Boy One]

Hi all,who know any dmncms holes,for sql inj and write how to fix it?i read today that some hole at market,is it true?

be specific, on what version? on the cracked one or the premium?

 

[MaF1oZo]

premium 1.1.8

 

[Zaseth]

You should make sure every query is prepared and every query using user input data should be escaped and checked for regex.

 

[MaF1oZo]

4 time my db,ports are close.From server too can't drop db,only site..forum at another hosting.any ideas?

 

[Dope Boy One]

Hi all,who know any dmncms holes,for sql inj and write how to fix it?i read today that some hole at market,is it true?

is it on market between characters or the shop on website?

 

[Zaseth]

If your stuff is written in PHP, put in every .php file using MySQL the following line after the beginning of the script:

error_reporting(-1);

This will print any error. Do note that everyone can see those errors. Let us know what errors you're getting.

 

[solarismu]

If your stuff is written in PHP, put in every .php file using MySQL the following line after the beginning of the script:

error_reporting(-1);

This will print any error. Do note that everyone can see those errors. Let us know what errors you're getting.

Sql injections are not errors. You will catch nothing in error log. Try to log all sql queries executed, and see what happened

 

[Zaseth]

@solarismu

Every MySQL error is captured. When you put an apostrophe in the query, it'll always generate an error. That's why OP should put an apostrophe wherever he can in-site and use a vulnerability scanner for PoC.