I believe it works, my friend!
And here is a list of SQL Injection functions...you better protect yourself against those otherwise I will be the guy destroying your noob a55 server :thumbup:
Enjoy!
Code:
ABORT -- abort the current transaction
ALTER DATABASE -- change a database
ALTER GROUP -- add users to a group or remove users from a group
ALTER TABLE -- change the definition of a table
ALTER TRIGGER -- change the definition of a trigger
ALTER USER -- change a database user account
ANALYZE -- collect statistics about a database
BEGIN -- start a transaction block
CHECKPOINT -- force a transaction log checkpoint
CLOSE -- close a cursor
CLUSTER -- cluster a table according to an index
COMMENT -- define or change the comment of an object
COMMIT -- commit the current transaction
COPY -- copy data between files and tables
CREATE AGGREGATE -- define a new aggregate function
CREATE CAST -- define a user-defined cast
CREATE CONSTRAINT TRIGGER -- define a new constraint trigger
CREATE CONVERSION -- define a user-defined conversion
CREATE DATABASE -- create a new database
CREATE DOMAIN -- define a new domain
CREATE FUNCTION -- define a new function
CREATE GROUP -- define a new user group
CREATE INDEX -- define a new index
CREATE LANGUAGE -- define a new procedural language
CREATE OPERATOR -- define a new operator
CREATE OPERATOR CLASS -- define a new operator class for indexes
CREATE RULE -- define a new rewrite rule
CREATE SCHEMA -- define a new schema
CREATE SEQUENCE -- define a new sequence generator
CREATE TABLE -- define a new table
CREATE TABLE AS -- create a new table from the results of a query
CREATE TRIGGER -- define a new trigger
CREATE TYPE -- define a new data type
CREATE USER -- define a new database user account
CREATE VIEW -- define a new view
DEALLOCATE -- remove a prepared query
DECLARE -- define a cursor
DELETE -- delete rows of a table
DROP AGGREGATE -- remove a user-defined aggregate function
DROP CAST -- remove a user-defined cast
DROP CONVERSION -- remove a user-defined conversion
DROP DATABASE -- remove a database
DROP DOMAIN -- remove a user-defined domain
DROP FUNCTION -- remove a user-defined function
DROP GROUP -- remove a user group
DROP INDEX -- remove an index
DROP LANGUAGE -- remove a user-defined procedural language
DROP OPERATOR -- remove a user-defined operator
DROP OPERATOR CLASS -- remove a user-defined operator class
DROP RULE -- remove a rewrite rule
DROP SCHEMA -- remove a schema
DROP SEQUENCE -- remove a sequence
DROP TABLE -- remove a table
DROP TRIGGER -- remove a trigger
DROP TYPE -- remove a user-defined data type
DROP USER -- remove a database user account
DROP VIEW -- remove a view
END -- commit the current transaction
EXECUTE -- execute a prepared query
EXPLAIN -- show the execution plan of a statement
FETCH -- retrieve rows from a table using a cursor
GRANT -- define access privileges
INSERT -- create new rows in a table
LISTEN -- listen for a notification
LOAD -- load or reload a shared library file
LOCK -- explicitly lock a table
MOVE -- position a cursor on a specified row of a table
NOTIFY -- generate a notification
PREPARE -- create a prepared query
REINDEX -- rebuild corrupted indexes
RESET -- restore the value of a run-time parameter to a default value
REVOKE -- remove access privileges
ROLLBACK -- abort the current transaction
SELECT -- retrieve rows from a table or view
SELECT INTO -- create a new table from the results of a query
SET -- change a run-time parameter
SET CONSTRAINTS -- set the constraint mode of the current transaction
SET SESSION AUTHORIZATION -- set the session user identifier and the current user identifier of the current session
SET TRANSACTION -- set the characteristics of the current transaction
SHOW -- show the value of a run-time parameter
START TRANSACTION -- start a transaction block
TRUNCATE -- empty a table
UNLISTEN -- stop listening for a notification
UPDATE -- update rows of a table
VACUUM -- garbage-collect and optionally analyze a database
Hehe, I don't wanna give all this info, I just created a little guide to test the webserver protection! Damn man, you give here all hack info!
nice !!! tnx for the guide
Every good hacker knows this info. And there are many good hackers.
Learn what a hacker learns, think like a hacker thinks, and then you will understand how to protect yourself :thumbup1: I am scared shitless of hackers. You should see the precautions I take.... I impress myself on what I do not to get hacked in any ways :ott1:
Decent thread - however, the common problem why so many holes are discovered is because over 80% of the servers are currently based on Mu Web. It is a decent script, but like any other script - it requires modifications.
Do yourself a favour - use these scripts but try to improve the script in terms of security - once you've gathered some basic HTML/CSS knowledge and basic PHP - then I'd suggest you go create your own web site.
Meti
John has more experience in this field - and knows how to secure a script properly. However - as this will be a component that is basically installed on a Content Management System (in this case, Joomla) - you would have to secure the Joomla script. And Joomla is currently one of the largest, and well-known content management systems - so you will need to know how to properly apply work on the security.
John is coding a component not a complete web site - so basically the "bridge" will be secured as I do believe John has the experience required to secure such a bridge - but the Joomla script will have to be secured by their respective server operators. However - Joomla is updated frequently and if you regularly update your Joomla copy you decrease the chance of possible security holes - but there are always ways to get in.
Meti
Hackers are always 1 step in front of "coders", that I think is WRONG!
The coders are the real hackers!
boing! bump up!
IT`S JUST ONLY STOP THE SQL :) so.... bad luck :))
RO (translated): bwahahhahaha.
I'm dying of laughter! Anyway, you've made a good start! Note that there are other things to cover too, not just the trashy muwebs made by =Master=... for example: in mu web 0.7 or 0.8 you can teleport whoever you want, wherever you want, with just 2 clicks :)
Otherwise, so that there isn't too much panic... better to configure an apache + php server yourselves, don't use XAMPP. Why? Other SQL injections!
EN: Good job! keep up the good work. Remember, always wash your hands and use custom made sites, not mu web and related crap.
I hack for fun, you?
Sorry mate, but in MSSQL 2005 it's
Quote:
OK, I made a little test for your SQL!
How does it work?
Simple!
Go to web page => Register new Account => Add account info!
BUT! BUT in e-mail add this code:
Code:
'';shutdown;--
Then click: Create New Account!
If your web is not secured, in 5---10 seconds your SQL will sleep! SQL SHUTDOWN!
Or you can do the same sh*t at: web page => Lost Password => Add account info! In e-mail add this code:
Code:
'';shutdown;--
, and not
Code:
;shutdown;--
, and it really works if you insert this in the "Change Password" section, if there is any... (you have to be logged on)
Code:
'';shutdown;--
Really nice guide.
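Added example, not part of the thread or of any Mu Web code: a registration and lost-password handler that binds the e-mail field as a query parameter and checks it against an allow-list, so the strings quoted above are rejected or stored as plain text. Python's sqlite3 stands in for the PHP/MSSQL stack here; the schema, function names and the e-mail pattern are assumptions made for the illustration.

```python
import re
import sqlite3

# Strings quoted in the thread, used here only as hostile sample input.
THREAD_INPUTS = ["'';shutdown;--", ";shutdown;--"]
# Conservative allow-list for the e-mail field (assumption: ASCII addresses only).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,24}")

def open_db():
    """In-memory stand-in for the account database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (login TEXT PRIMARY KEY, email TEXT NOT NULL)")
    return db

def valid_email(value):
    return isinstance(value, str) and EMAIL_RE.fullmatch(value) is not None

def register(db, login, email):
    """Registration form: validate first, then bind the values as parameters."""
    if not valid_email(email):
        return False
    # Placeholders keep user input out of the SQL text entirely.
    db.execute("INSERT INTO accounts (login, email) VALUES (?, ?)", (login, email))
    db.commit()
    return True

def lost_password_lookup(db, login, email):
    """Lost-password form: even without validation, input is only ever a bound value."""
    row = db.execute(
        "SELECT login FROM accounts WHERE login = ? AND email = ?", (login, email)
    ).fetchone()
    return row[0] if row else None

def store_raw(db, login, value):
    """Bind an unvalidated value to show it is stored as data, not executed."""
    db.execute("INSERT INTO accounts (login, email) VALUES (?, ?)", (login, value))
    db.commit()
    return db.execute("SELECT email FROM accounts WHERE login = ?", (login,)).fetchone()[0]

if __name__ == "__main__":
    db = open_db()
    print("valid signup accepted:", register(db, "alice", "alice@example.com"))
    for i, text in enumerate(THREAD_INPUTS):
        print(repr(text), "accepted:", register(db, "t%d" % i, text),
              "| lookup:", lost_password_lookup(db, "alice", text),
              "| stored as:", repr(store_raw(db, "raw%d" % i, text)))
```

On SQL Server, SHUTDOWN is available only to members of the sysadmin and serveradmin fixed server roles, so a web application login that holds neither role cannot run it even where a query is injectable.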