This needs to be repaired urgently
PHP Code:/ranking.php?Dios=&Order=LVL&Tribe=128%20declare%20@sql%20varchar(800)%20set%20@sql=0x(string to hex code)%20exec(@sql)%20select%201%20from%20Tantra..TantraBackup00%20where%201=1
Exploit SQL Injection webzonegamerz Ranking
This needs to be repaired urgently
PHP Code:/ranking.php?Dios=&Order=LVL&Tribe=128%20declare%20@sql%20varchar(800)%20set%20@sql=0x(string to hex code)%20exec(@sql)%20select%201%20from%20Tantra..TantraBackup00%20where%201=1
Last edited by shark-latan; 01-09-14 at 04:30 AM.
Seems like one of my injection methods xd, try banning 'declare' word on your anti_sql.php
- - - Updated - - -
To see how serious it is, here is a video guys:
Yeah seems so very serious.
this is too serious, so that IP and ID of Colombia, is doing injection attacks to a server where I am working ...
is just one of the server where the Alxndr shown in the video ...
The server in the video is from colombia? wow!Originally Posted by shark-latan
i think that server already fixed .. that sql injection
I tried to help them
I hope the owner of that server can post what he did to fix the said problem.
Hahahahahahaha LOL
$variable2 = str_replace("tobanned", "toremplaze", $variable1);
@John
sir is that the code on how to fix the sql injection problem?
No exactly, with this, they can be guided to create anti injection code.
People here do not want to be guided, they want the solution, lol
Yeah I agree but sometimes I really would like to help too. Better to exchange ideas.
You are absolutely right, it's a shame that no longer exist hungry people of know.
guys it is pretty simple to fix this issue. get rid of the get method and use post
Reply With Quote