This needs to be repaired urgently
PHP Code:/ranking.php?Dios=&Order=LVL&Tribe=128%20declare%20@sql%20varchar(800)%20set%20@sql=0x(string to hex code)%20exec(@sql)%20select%201%20from%20Tantra..TantraBackup00%20where%201=1
Printable View
This needs to be repaired urgently
PHP Code:/ranking.php?Dios=&Order=LVL&Tribe=128%20declare%20@sql%20varchar(800)%20set%20@sql=0x(string to hex code)%20exec(@sql)%20select%201%20from%20Tantra..TantraBackup00%20where%201=1
Seems like one of my injection methods xd, try banning 'declare' word on your anti_sql.php
- - - Updated - - -
To see how serious it is, here is a video guys:
http://youtu.be/QtA3GyevgOw
Yeah seems so very serious.
this is too serious, so that IP and ID of Colombia, is doing injection attacks to a server where I am working ...
is just one of the server where the Alxndr shown in the video ...
The server in the video is from colombia? wow!Quote:
Originally Posted by shark-latan
i think that server already fixed .. that sql injection
I tried to help themQuote:
Originally Posted by metan0ia
I hope the owner of that server can post what he did to fix the said problem.
Hahahahahahaha LOL
Quote:
$variable2 = str_replace("tobanned", "toremplaze", $variable1);
@John
sir is that the code on how to fix the sql injection problem?
No exactly, with this, they can be guided to create anti injection code.Quote:
Originally Posted by metan0ia
People here do not want to be guided, they want the solution, lol
Yeah I agree but sometimes I really would like to help too. Better to exchange ideas.Quote:
Originally Posted by alxndr
Quote:
Originally Posted by alxndr
You are absolutely right, it's a shame that no longer exist hungry people of know.
guys it is pretty simple to fix this issue. get rid of the get method and use post