as the title
There are many ways.
One of the more commonly used ones seems to be SQL injection through a website, where they basically tell the SQL server to create a Windows user for them, on a SQL server that has Windows command execution turned on. Then they log directly into the server through RDP, which is enabled on the default port, like always.
Another one is social engineering, where an ex-member sells the files or a sinister guy joins the team with the plan to steal the files.
Alpha, how do you avoid that thing about SQL?
There are many, many things. Some of them:
http://ee1.php.net/mysql_real_escape_string
You could also limit the string length and not allow anything over, like, 16 chars.
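An added example, not code posted by anyone in this thread, showing why the two suggestions above (escaping and a length cap) are not the same as actually fixing the injection. It uses Python with the built-in sqlite3 module as a stand-in for PHP/MySQL, a small constructed users table, and a hand-written escape() that only doubles single quotes (mysql_real_escape_string also handles backslashes, NUL and charset issues, but the point about where escaping applies is the same). The payloads are constructed for the demo and are both under the 16-character cap.

```python
import sqlite3

MAX_LEN = 16  # the length cap suggested in the post above

# Constructed sample data: two users, nothing else.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "s3cr3t-a"), (2, "bob", "s3cr3t-b")],
    )
    conn.commit()
    return conn


def within_limit(value):
    """The '16 chars max' rule: true if the input passes the cap."""
    return len(value) <= MAX_LEN


def escape(value):
    """Minimal stand-in for mysql_real_escape_string: make a value safe
    inside a single-quoted SQL string literal by doubling quotes.
    It does nothing useful outside a quoted context (see below)."""
    return value.replace("'", "''")


def lookup_vulnerable(conn, name):
    # Vulnerable: user input is concatenated straight into the SQL text,
    # so a quote in the input ends the literal and the rest is parsed as SQL.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_escaped(conn, name):
    # Escaping: the input still becomes part of the query text, but the
    # quote can no longer terminate the literal, so this payload fails.
    sql = "SELECT name FROM users WHERE name = '" + escape(name) + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_numeric_escaped(conn, user_id):
    # Escaping in an unquoted (numeric) position: there is no quote for the
    # attacker to break out of, so there is nothing for escape() to neutralise
    # and "1 OR 1=1" is accepted as SQL. Length cap and escaping both pass it.
    sql = "SELECT name FROM users WHERE id = " + escape(user_id)
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, name):
    # Parameterized query: the value is bound by the driver and is never
    # parsed as SQL, whatever characters it contains and whatever its length.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


# Constructed payloads: 10 and 8 characters, so both pass the 16-char cap.
STRING_PAYLOAD = "' OR 1=1--"
NUMERIC_PAYLOAD = "1 OR 1=1"


def demo():
    conn = make_db()
    return {
        "cap_passes_string_payload": within_limit(STRING_PAYLOAD),
        "cap_passes_numeric_payload": within_limit(NUMERIC_PAYLOAD),
        "vulnerable": lookup_vulnerable(conn, STRING_PAYLOAD),        # every user
        "escaped": lookup_escaped(conn, STRING_PAYLOAD),              # nothing
        "numeric_escaped": lookup_numeric_escaped(conn, NUMERIC_PAYLOAD),  # every user
        "parameterized": lookup_param(conn, STRING_PAYLOAD),          # nothing
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The length cap catches neither payload, and escaping only helps where the input lands inside a quoted string literal; the numeric case walks straight past it. Binding the value as a parameter is the fix that does not depend on guessing the context the input ends up in.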
So many ways to bypass SQLi defenses!