Exploit SQL Injection webzonegamerz Ranking

Tantra Freelancer
Joined
Apr 9, 2014
Messages
541
Reaction score
23
You can also use arrays like:

PHP:
$dios_options = array(
    0 => 'All',
    1 => 'Brahma',
    4 => 'Shiva',
    2 => 'Vishnu',
);
 
Newbie Spellweaver
Joined
Jul 17, 2013
Messages
90
Reaction score
18
That won't really fix it, you can use websites like



To send POST and/or GET to any website.

If you want to fix it, at the top of the script just connect to a MySQL database first and run the following PHP.
Code:
    // Escape every GET parameter in place.
    // mysql_real_escape_string() needs an open mysql_* connection.
    foreach ($_GET as $key => $value)
    {
        $_GET[$key] = mysql_real_escape_string($value);
    }
    // Same for every POST parameter.
    foreach ($_POST as $key => $value)
    {
        $_POST[$key] = mysql_real_escape_string($value);
    }

If that does not fix it by escaping all non-acceptable characters, then post me the document in question.
 
Newbie Spellweaver
Joined
Nov 6, 2012
Messages
45
Reaction score
6
Code:
(PHP 4 >= 4.3.0, PHP 5)
mysql_real_escape_string — Escapes special characters in a string for use in an SQL statement

Warning
This extension is deprecated as of PHP 5.5.0, and will be removed in the future.
Instead, the MySQLi or PDO_MySQL extension should be used.
See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:
* mysqli_real_escape_string()
* PDO::quote()

Code:
mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.

dTantra, all the websites that were released here work with MSSQL, not MySQL. If you want to escape characters on MSSQL you must use two single quotes. But the problem here is not exploiting a string variable, instead what is being exploited is an int variable, so escaping characters doesn't help too much if the injection method is using HEX as the video above.
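
Added example (not part of the original thread and not the Webzonegamerz code): the point above about an int variable, handled by validating the value against the `$dios_options` keys from the first reply and binding it as an integer instead of escaping it. The table and column names are hypothetical, and in-memory SQLite via PDO stands in for the MSSQL backend so the script runs offline.

```php
<?php
// Added example, not code from the thread. Table/column names (ranking, name,
// tribe) are hypothetical; in-memory SQLite stands in for the MSSQL backend.
$dios_options = array(0 => 'All', 1 => 'Brahma', 4 => 'Shiva', 2 => 'Vishnu');

/** Return the validated tribe id, or null if the input is not an allowed key. */
function validated_tribe($raw, array $allowed)
{
    // FILTER_VALIDATE_INT accepts only a plain decimal integer; anything else
    // (trailing SQL, hex notation) is rejected rather than "cleaned up".
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    if ($id === false || !array_key_exists($id, $allowed)) {
        return null;
    }
    return $id;
}

/** Names for one tribe (or all when id is 0); empty array on invalid input. */
function ranking_for(PDO $db, $raw, array $allowed)
{
    $id = validated_tribe($raw, $allowed);
    if ($id === null) {
        return array();   // reject: raw input never reaches the SQL text
    }
    if ($id === 0) {      // 0 => 'All'
        $stmt = $db->query('SELECT name FROM ranking ORDER BY name');
    } else {
        $stmt = $db->prepare('SELECT name FROM ranking WHERE tribe = ? ORDER BY name');
        $stmt->bindValue(1, $id, PDO::PARAM_INT);  // value travels as data
        $stmt->execute();
    }
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ranking (name TEXT, tribe INTEGER)');
$db->exec("INSERT INTO ranking VALUES ('alpha', 1), ('beta', 2), ('gamma', 4)");

$raw = '2 OR 1=1';  // constructed input containing no quote characters
// Doubling single quotes (the MSSQL string escape) changes nothing here.
var_dump(str_replace("'", "''", $raw) === $raw);
var_dump(ranking_for($db, '2', $dios_options));   // allowed key
var_dump(ranking_for($db, $raw, $dios_options));  // rejected by validation
var_dump(ranking_for($db, '3', $dios_options));   // integer, but not a listed key
```

On the real site the same two steps apply with whichever MSSQL driver the pages already use: validate the numeric parameter first, then pass it as a bound parameter rather than concatenating it into the query string.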
 
Initiate Mage
Joined
Sep 15, 2014
Messages
1
Reaction score
0
Did they (the owner of the said server) fix this already?
 
Newbie Spellweaver
Joined
Nov 6, 2012
Messages
45
Reaction score
6
@dTantra sorry if I got you mad, that was not my intention. Providing a script to avoid SQL injection is not going to help here. Why? Coz' most people here don't know how to implement it. Webzonegamerz has a class sql_inject.php that, if we get a bit of time to read it, we could implement flawlessly and avoid this kind of problem.

To put a bit of fun to the post the call to this class is commented on the header.php

PHP:
<?php
//ob_start(); 
require_once('anti_dos.php');
//require_once('sql_inject.php');
require_once('antishell.class.php');
require_once('Block.php');
require_once('floodshell.php');
//require_once('proxx.class.php');
?>
 
Newbie Spellweaver
Joined
Jul 17, 2013
Messages
90
Reaction score
18
@dTantra sorry if I got you mad, that was not my intention. Providing a script to avoid SQL injection is not going to help here. Why? Coz' most people here don't know how to implement it. Webzonegamerz has a class sql_inject.php that, if we get a bit of time to read it, we could implement flawlessly and avoid this kind of problem.

To put a bit of fun to the post the call to this class is commented on the header.php

PHP:
<?php
//ob_start(); 
require_once('anti_dos.php');
//require_once('sql_inject.php');
require_once('antishell.class.php');
require_once('Block.php');
require_once('floodshell.php');
//require_once('proxx.class.php');
?>

Why on earth would you think I was mad? I have never looked at or used the script in question, I understand tantra uses mssql, but I figured most websites run off of mysql, that is why I provided an attempted fix that would work off of that mysql. Since it did not solve the problem in question, I was simply asking for someone to post the php file with the problem and I would provide them a proper fix.
 
Junior Spellweaver
Joined
Sep 14, 2010
Messages
185
Reaction score
83
Fix problem sql inject only using this tantra BDS

<<< BDS FIX ORIGINAL
<<< BDS FIX WEB ZONEGAMERZ
<<< Using web admin fix news.

regards.
 
Experienced Elementalist
Joined
Dec 17, 2013
Messages
235
Reaction score
31
My opinion is to design your own website. It is less harmful since you are the designer. If you get it from another website, most likely you will encounter SQL injections. Just an opinion though.
 
Skilled Illusionist
Joined
Mar 31, 2011
Messages
382
Reaction score
48
My opinion is to design your own website. It is less harmful since you are the designer. If you get it from another website, most likely you will encounter SQL injections. Just an opinion though.

The only method to prevent SQL injection is to learn PHP, or, depending on the website, whatever language its code is written in.
 
Experienced Elementalist
Joined
Dec 17, 2013
Messages
235
Reaction score
31
Learn php-mysql and php-mssql and understand that characters in ASCII do give your server the opening for SQL attacks.
 
Newbie Spellweaver
Joined
Sep 20, 2009
Messages
27
Reaction score
0
Can anyone here teach me how to put taney to my account via SQL injection? I'll use this method for my friend's offline server because he said he will not give me taney. Someone help me please. This is my email: strong_romz@yahoo.com
 