SQL Injections

[MeTi]

Re: [Guide] SQL injections

Decent thread - however, the common problem why so many holes are discovered is because over 80% of the servers are currently based on Mu Web. It is a decent script, but like any other script - it requires modifications.

Do yourself a favour - use these scripts but try to improve the script in terms of security - once you've gathered some basic HTML/CSS knowledge and basic PHP - then I'd suggest you go create your own web site.

Meti

 

[Faronnia]

Re: [Guide] SQL injections

Decent thread - however, the common problem why so many holes are discovered is because over 80% of the servers are currently based on Mu Web. It is a decent script, but like any other script - it requires modifications.

Do yourself a favour - use these scripts but try to improve the script in terms of security - once you've gathered some basic HTML/CSS knowledge and basic PHP - then I'd suggest you go create your own web site.

Meti

The lastest MuToolz will be secure at least for a while,and I have a feeling john_d will be updating them regularly.

Anyways,hurrypoker,good guide.Your other guides are also pretty cool respect

 

[MeTi]

Re: [Guide] SQL injections

The lastest MuToolz will be secure at least for a while,and I have a feeling john_d will be updating them regularly.

Anyways,hurrypoker,good guide.Your other guides are also pretty cool respect

John has more experience in this field - and know how to secure a script properly. However - as this will be a component that is basically installed on a Content Management System (in this case, Joomla) - you would have to secure the Joomla script. And Joomla is currently one of the largest, and well-known content management systems - so you will need to know how to properly apply work on the security.


John is coding a component not a complete web site - so basically the "bridge" will be secured as I do believe John has the experience required to secure such bridge - but the Joomla script will have to be secured by their respective server operators. However - Joomla is updated frequently and if you regularly update your Joomla copy you decrease the chance of possible security holes - but there's always ways to get in.

Meti

 

[usser92]

Re: [Guide] SQL injections

Every good hacker knows this info.And there are many good hackers.
Learns what a hacker learns,think like a hacker thinks,and then you will understand how to protect yourself I am scarred shitless of hackers.You should see the precautions I take....I impress myself on what I do not to get hacked in any ways tt1:

hackers is alwasy 1 step infront of "coders" that i thing

 

[HurryPoker]

Re: [Guide] SQL injections

hackers is alwasy 1 step infront of "coders" that i thing WRONG!

The coders are the real hackers!

 

[HurryPoker]

Re: [Guide] SQL Injections

boing! bump up!

 

[Diabolik]

Re: [Guide] SQL Injections

IT`S JUST ONLY STOP THE SQL so.... bad luck )

 

[bogdan2150]

Re: [Guide] SQL Injections

RO: bwahahhahaha.
Ma sparg de ras! Oricum, ai inceput bine treaba! Vezi ca mai sunt si alte chestii de acoperit, nu doar panaramele de muweburi facute de =Master=... spre ex: in mu web 0.7 sau 0.8 poti teleporta pe cine vrei si unde vrei cu doar 2 clicuri
In rest, ca sa nu fie panica prea mare... mai bine va configurati singuri un server apache + php, nu folositi XAMPP, de ce? other sql injections!


EN: Good job! keep up the good work. Remember, always wash your hands and use custom made sites, not mu web and related crap.


I hack for fun, you?

 

[Mecanik]

Oky i made a littel test for your sql!
How is work?
Simple!
Go to web page => Register new Account => Add account info!
BUT! BUT in e-mail add this code:

'';shutdown;--

Then click: Create New Account!
If your web is not secured in 5---10 seconds your SQL will sleep!SQL SHOTDOWN!
Or you can do same sh*t to: web page =>Lost Password=> Add account info! in e-mail add this code:

'';shutdown;--

Sorry mate,but in MSSQL 2005 it`s

;shutdown;--

,and not

'';shutdown;--

,and it really works if you insert this in the "Change Password" section,if there is any...(you have to be logged on)

 

[dragiukas]

Really nice guide.