Today I opened a French server, I am under swift emu r5 then coded CMS 0, when I have opened us directly hacked, hackers have us delete the users table! I do not think this is a flaw in the CMS so you can tell me if there is a flaw in the emulator? it's urgent thank you in advance
Sorry for my bad english im french
hello I'm french I had the same hack for my case it was a good break on habbophp, not the emu pirateurs also simply remove the user table as you.
Check your MySQL error logs to see if they made a mistake. If they did then you're able to easily find out the exploit.
Hi, I'm the owner of the server whose Mal3ck speak. I can not check my mysql logs because I have not had time to enable the log function.Originally Posted by HillBilly
In fact, the users table was cleared, but the rest was not touched. Surely injection via the emulator. Is that possible?
I wouldn't say surely if you are using phpmyadmin or some exploitable CMS such HabboPHP or one of these RevCMS edits. Anyway all mysql injection possibilities were patched in the open thread so all you need to do is read it and patch your code
It probably wasn't the emulators fault and more likely your own for not reviewing all code before sending the website live. Kinda foolish of you :)
I found no exploits in Swift that haven't already been patched in the thread, and I work on it daily.
We encode our php by ourselves we can use PDO so no SQL injection. However I find it strange that only the user table was empty and not delete the hacker might well have deleted the database to complete what he did not.
Sorry for my bad english I'm french..
According to a member it would be possible to register with an account that would grader administrator directly. It is also possible to disconnect members in an apartment with a fail. it is possible that member told me?
Maybe you fucked up a bit with the PHP? Maybe you used a too weak password for MySQL
I found the problem, it was a SQL injection via the marketplace_offer.
But however I have another problem now, when we an apostrophe, as it follows a slash: / '
What to do?
Secure all user input on querys with magic quotes or use PDO (bindvalue's)
