[SERVICE] Patch Exploits/Leaks ect.. [TRYING]

[Habblet]

How do you meen 'trying' well im not really 100% PRO so im also gonna test my skills here...

What i need to do?
Describe your situation and report what the scripters do.

For example:
My database is getting deleted
[Check before you report: apache/logs/acces.log]

Index me / me is getting redirected
[Check before you report: database]

All room names are suddenly changed
[Check before you report: database or apache/logs/acces.log]

etc .........

Notice! I can`t patch everything... but i can patch the most.

Sorry for my bad english, im dutch.


EXPLOITS RESOLVED:

its the checknametaken injection, ok first go to 'inc/class.users.php'

Look for

Code:

	public function IsNameTaken($nm = '')
	{
		return ((mysql_num_rows(dbquery("SELECT null FROM users WHERE username = '" . $nm . "' LIMIT 1")) > 0) ? true : false);
	}

replace that with

Code:

	public function IsNameTaken($nm = '')
	{
		return ((mysql_num_rows(dbquery("SELECT null FROM users WHERE username = '" . mysql_real_escape_string(stripslashes($nm)) . "' LIMIT 1")) > 0) ? true : false);
	}

[MentaL]

[Arnii]

so you will make it some kind of anti-hack stuff? well, goodluck marco?

Grr..
Arnii

[HabMoon]

Don't need any help with it yet, but goodluck with this service :]

[Hejula]

Looks good, but to stop the database getting deleted, just put the database on another account on the SQL Server (not root) and remove the DELETE privileges..! Just thought I would say in case anyone wanted to know :P

[FlyCoder]

Doubt this will go far..
Posted via Mobile Device

[Habblet]

Looks good, but to stop the database getting deleted, just put the database on another account on the SQL Server (not root) and remove the DELETE privileges..! Just thought I would say in case anyone wanted to know :P

Hmm, mostley on xampp can only localhost connect with root account, and to stop this really you need to patch.

[Hejula]

Hmm, mostley on xampp can only localhost connect with root account, and to stop this really you need to patch.

I have multiple MySQL accounts on my XAMPP Development server, and they work fine, I tried deleting a database with the DELETE command and seeing as it was disabled on the MySQL account chosen, it wouldn't execute the command. This might not patch the exploit, but it renders it useless pretty much? I do see where you are coming from though!

[Grenadier]

How can anyone trust you?

[Habblet]

How can anyone trust you?

There are more programmes and they can check it... or else im telling you the exploit/leak, and you can try it youreselfs.

[ntl200]

right ok so your goin to patch first? the tcp connection of uberemu? ;)

[FlyCoder]

Hmm, i see. This thread is waste of space.
Posted via Mobile Device

[salah-salah]

Hablet , thanks for this service but i think that no one needs this..
No one is posting anything

[Habblet]

right ok so your goin to patch first? the tcp connection of uberemu? ;)

More information, i dont know anything about this one...

[Eronisch]

Direct hacking, some fággot keeps going in my database and edit everything he wants ..

[Habblet]

Direct hacking, some fággot keeps going in my database and edit everything he wants ..

i think its the checknametaken injection, ok first go to 'inc/class.users.php'

Look for

Code:

	public function IsNameTaken($nm = '')
	{
		return ((mysql_num_rows(dbquery("SELECT null FROM users WHERE username = '" . $nm . "' LIMIT 1")) > 0) ? true : false);
	}

replace that with

Code:

	public function IsNameTaken($nm = '')
	{
		return ((mysql_num_rows(dbquery("SELECT null FROM users WHERE username = '" . mysql_real_escape_string(stripslashes($nm)) . "' LIMIT 1")) > 0) ? true : false);
	}