
[Help] DMNCMS Injections

Newbie Spellweaver
Joined
Oct 19, 2016
Messages
19
Reaction score
0
Hi all, who knows any DMNCMS holes for SQL injection and can write how to fix it? I read today that there is some hole at the market, is it true?
 
Newbie Spellweaver
Joined
Oct 7, 2018
Messages
30
Reaction score
4
You should make sure every query is prepared and every query using user input data should be escaped and checked for regex.
 
Upvote 0
Newbie Spellweaver
Joined
Oct 19, 2016
Messages
19
Reaction score
0
4 time my db, ports are closed. From server too can't drop db, only site... forum at another hosting. Any ideas?
 
Upvote 0
Newbie Spellweaver
Joined
Oct 7, 2018
Messages
30
Reaction score
4
If your stuff is written in PHP, put in every .php file using MySQL the following line after the beginning of the script:

PHP:
error_reporting(-1);

This will print any error. Do note that everyone can see those errors. Let us know what errors you're getting.
 
Upvote 0
Experienced Elementalist
Joined
May 4, 2017
Messages
219
Reaction score
318
SQL injections are not errors. You will catch nothing in the error log. Try to log all SQL queries executed, and see what happened.
 
Upvote 0
Newbie Spellweaver
Joined
Oct 7, 2018
Messages
30
Reaction score
4
@solarismu

Every MySQL error is captured. When you put an apostrophe in the query, it'll always generate an error. That's why OP should put an apostrophe wherever he can in-site and use a vulnerability scanner for PoC.
 
Upvote 0
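
As an added example, not code from DMNCMS or from any poster in this thread: one way to combine the two suggestions above, prepared queries with a regex allow-list check and a log of every executed query. The table `market_items`, the function names and the log path are hypothetical, and an in-memory SQLite database stands in for the site's MySQL so the script runs on its own.

```php
<?php
// Added example: hypothetical names; SQLite in-memory stands in for the site's database.

// Write every statement and its bound parameters to an audit log, then run it prepared.
function logged_query(PDO $pdo, string $sql, array $params, string $logFile): PDOStatement
{
    $entry = sprintf("%s\t%s\t%s\t%s\n",
        date('c'),
        $_SERVER['REMOTE_ADDR'] ?? 'cli',
        $sql,
        json_encode($params));          // JSON keeps quotes and newlines on one log line
    file_put_contents($logFile, $entry, FILE_APPEND | LOCK_EX);

    $stmt = $pdo->prepare($sql);        // placeholders only, never string concatenation
    $stmt->execute($params);
    return $stmt;
}

// Allow-list check: reject the value before it reaches the database at all.
function valid_item_name(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9 _-]{1,32}\z/', $name) === 1;
}

function find_market_items(PDO $pdo, string $name, string $logFile): array
{
    if (!valid_item_name($name)) {
        // Rejected input is worth logging too: it shows where probing happens.
        error_log('rejected market search input: ' . json_encode($name));
        return [];
    }
    $stmt = logged_query($pdo,
        'SELECT id, name, price FROM market_items WHERE name = :name',
        [':name' => $name], $logFile);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE market_items (id INTEGER PRIMARY KEY, name TEXT, price INTEGER)');
$pdo->exec("INSERT INTO market_items (name, price) VALUES ('Sample Sword', 500)");

$log = sys_get_temp_dir() . '/sql_audit.log';
var_dump(find_market_items($pdo, 'Sample Sword', $log));   // matches the sample row
var_dump(find_market_items($pdo, "x' OR '1'='1", $log));   // fails the allow-list, empty array
```

Keep the audit log outside the web root, since it records user-supplied values.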