Hotel Keeps Being Hacked. Any Help Will Be Appreciated

  1. #1
    Joe Richardson (Member; joined Feb 2013; 485 posts)

    My hotel keeps getting hacked and I can't figure out how. Somehow, he can edit all the user data, and rank everyone owner etc. Any help would help me a lot.

    hendo-hotel.co.uk


  2. #2
    Billy Baggins (Member; joined Oct 2013; 53 posts)

    What CMS and emu are you using? And theme, maybe?

    AFAIK MySQL has a logging option which will save every query run to a log file. If you enable that then you would see the query being run, which will give you an idea of where the exploit is. Unless they have direct access to your db/server.
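
Once the general query log is on (`SET GLOBAL general_log = 'ON';`, with `general_log_file` naming the output file), a short script can pull out the writes worth reading first. The PHP below is an added example, not part of the post or of any CMS mentioned in this thread. The log lines are constructed, and the `users` table and `rank` column names are assumptions.

```php
<?php
// Constructed sample in the general query log layout:
// optional timestamp, thread id, command, statement text.
$sampleLog = <<<'LOG'
131028 21:40:01    12 Connect  cms@localhost on hotel
                   12 Query    SELECT id FROM users WHERE username = 'joe'
                   12 Query    UPDATE users SET motto = 'hi' WHERE username = 'joe'
131028 21:40:07    13 Query    UPDATE users SET rank = 7 WHERE username = 'x' OR '1'='1'
                   13 Query    UPDATE users SET rank = 7
                   14 Query    UPDATE users SET look = 'hd-180' WHERE id = 42
LOG;

// Returns writes to $table that deserve a manual look. The table and
// column names ("users", "rank") are assumptions; adjust to your schema.
function suspiciousWrites(string $log, string $table = 'users'): array {
    $hits = [];
    foreach (preg_split('/\R/', $log) as $i => $line) {
        // Keep only "Query" entries; skip Connect/Quit and wrapped lines.
        if (!preg_match('/^\s*(?:\d{6}\s+[\d:]+\s+)?(\d+)\s+Query\s+(.*)$/', $line, $m)) {
            continue;
        }
        $sql = $m[2];
        $target = '/^(?:UPDATE|DELETE\s+FROM)\s+`?' . preg_quote($table, '/') . '\b/i';
        if (!preg_match($target, $sql)) {
            continue;
        }
        $reasons = [];
        if (!preg_match('/\bWHERE\b/i', $sql)) {
            $reasons[] = 'no WHERE clause';
        }
        // Same literal on both sides of "=" after OR, e.g. OR '1'='1' or OR 1=1.
        if (preg_match('/\bOR\s+([\'"]?)(\w+)\1\s*=\s*\1\2\1/i', $sql)) {
            $reasons[] = 'always-true OR condition';
        }
        if (preg_match('/\bSET\b.*\brank\s*=/i', $sql)) {
            $reasons[] = 'changes rank';
        }
        if ($reasons) {
            $hits[] = ['line' => $i + 1, 'thread' => (int) $m[1],
                       'reasons' => $reasons, 'sql' => $sql];
        }
    }
    return $hits;
}

foreach (suspiciousWrites($sampleLog) as $h) {
    printf("line %d (thread %d): %s\n  %s\n", $h['line'], $h['thread'],
           implode(', ', $h['reasons']), $h['sql']);
}
```

The general query log records every statement, so turn it off again once the offending query has been found.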

  3. #3
    Joe Richardson (Member; joined Feb 2013; 485 posts)

    Quote (originally posted by Billy Baggins):
        What CMS and emu are you using? And theme, maybe?

        AFAIK MySQL has a logging option which will save every query run to a log file. If you enable that then you would see the query being run, which will give you an idea of where the exploit is. Unless they have direct access to your db/server.

    Source version of Phoenix 3.11.0, and RevCMS. They didn't get on the VPS. Also, I don't have the AFAIK. Sounds like a good tool to get.

  4. #4
    Billy Baggins (Member; joined Oct 2013; 53 posts)

    AFAIK means as far as I know :P

  5. #5
    The General (Developer; joined Aug 2011; 7,610 posts)

    Phoenix. No exploits in there. Must be your CMS.

    Filter all $_POST & $_GET variables that are directly used in a query.

  6. #6
    Joe Richardson (Member; joined Feb 2013; 485 posts)

    Quote (originally posted by HillBilly):
        Phoenix. No exploits in there. Must be your CMS.

        Filter all $_POST & $_GET variables that are directly used in a query.

    Could you direct me to a place on how to do that? I'm still learning haha. You always help me, hillbilly. Thank you mate.

  7. #7
    The General (Developer; joined Aug 2011; 7,610 posts)

    like:

    UPDATE users WHERE username = $_POST['username'];

    That query can be exploited but you can escape that by replacing $_POST['username'] with mysql_real_escape_string($_POST['username'])
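
The query pattern from the post above, next to the bound-parameter form that replaces it, as an added example that is not part of the original post or of RevCMS. It uses PDO with an in-memory SQLite database so it runs offline; the `users` columns and the input value are constructed.

```php
<?php
// Constructed schema and rows. The same prepare()/execute() calls
// work unchanged with the pdo_mysql driver.
function freshDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, motto TEXT)');
    $db->exec("INSERT INTO users VALUES ('alice', ''), ('bob', ''), ('owner', '')");
    return $db;
}

// BEFORE: the request value is pasted into the SQL text. A quote in the
// value closes the string literal and the remainder is parsed as SQL.
function setMottoVulnerable(PDO $db, string $username, string $motto): int {
    return $db->exec("UPDATE users SET motto = '$motto' WHERE username = '$username'");
}

// AFTER: placeholders. The statement is compiled first and the values are
// bound as data, so they can never change the shape of the query.
function setMottoSafe(PDO $db, string $username, string $motto): int {
    $stmt = $db->prepare('UPDATE users SET motto = :motto WHERE username = :username');
    $stmt->execute([':motto' => $motto, ':username' => $username]);
    return $stmt->rowCount();
}

// Constructed test value standing in for $_POST['username'].
$input = "alice' OR '1'='1";

// Each call gets a fresh database so the row counts are comparable.
echo 'concatenated, test value: ', setMottoVulnerable(freshDb(), $input, 'hi'), " row(s)\n";
echo 'prepared, test value:     ', setMottoSafe(freshDb(), $input, 'hi'), " row(s)\n";
echo 'prepared, real username:  ', setMottoSafe(freshDb(), 'alice', 'hi'), " row(s)\n";
```

`mysql_real_escape_string()` only protects a value that is placed inside quotes in the query, and the `mysql_*` extension it belongs to was removed in PHP 7.0; bound parameters avoid both problems.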

  8. #8
    Joe Richardson (Member; joined Feb 2013; 485 posts)

    Quote (originally posted by HillBilly):
        like:

        UPDATE users WHERE username = $_POST['username'];

        That query can be exploited but you can escape that by replacing $_POST['username'] with mysql_real_escape_string($_POST['username'])

    I don't really understand all that. I just know I should place that somewhere haha. I know he's SQL injecting me. I'll find that and do whatever haha. Thanks.

    Would you be able to have a quick look at my skin folder, and find this exploit? I mean, when you have some spare time.

    Bump this please.

    I really need help with this.
    Last edited by Joe Richardson; 28-10-13 at 09:47 PM.

  9. #9
    1nc1n1gr4t3 (Member; joined Jul 2012; 52 posts)

    Are you running XAMPP?

  10. #10
    Joe Richardson (Member; joined Feb 2013; 485 posts)

    Quote (originally posted by 1nc1n1gr4t3):
        Are you running XAMPP?

    No. I'm using IIS.

  11. #11
    1nc1n1gr4t3 (Member; joined Jul 2012; 52 posts)

    Then I can't help you. It would be obvious if you had XAMPP, because XAMPP is using a security thing called.. erm.. hm.. I forgot the name, but anyway it's using a sort of hackable source so you can view others' root name and root password..

  12. #12
    The General (Developer; joined Aug 2011; 7,610 posts)

    Quote (originally posted by 1nc1n1gr4t3):
        Then I can't help you. It would be obvious if you had XAMPP, because XAMPP is using a security thing called.. erm.. hm.. I forgot the name, but anyway it's using a sort of hackable source so you can view others' root name and root password..

    You're so stupid. WebDAV is no hackable source. It's just a remote folder people can access. Most people forget to change the login details; that's why some call it a backdoor or exploit.


