
SQL INJECTION

Posted: Thu Jun 23, 2005 8:13 pm
by Totaled_Eclipse
I've heard of people using MySQL injections to hack people's chats. Is there any way to keep that from happening?

Posted: Sun Jul 03, 2005 12:12 pm
by serkon
In SQL Server you can use ' or ''=' in each field of username and pass

Posted: Sun Jul 03, 2005 6:10 pm
by korsaan
You can use a hard password
And when you log in to your file manager and see your files
You couldn't find that path /phpMyAdmin
So it's absolutely for anybody to hack on your SQL
And they can hack on your SQL if you are uploading a programme concloude a patch
You should take care of the files that you are uploading to your host
With my best wishes:

KoRsAaN:D

Posted: Tue Jul 12, 2005 12:35 pm
by Mrlinux
You can read more about them on: http://www.exploitx.com

Posted: Wed Jul 13, 2005 12:38 am
by Max
You should also escape your queries.

Posted: Thu Jul 14, 2005 7:00 am
by Lixas
So, with escape it is safer to do MySQL queries?? I'm a little confused about that :-/

Posted: Thu Jul 14, 2005 7:46 am
by Max
Stupid example to understand the need to escape

Suppose you have a table with the fields : id, user and is_admin
You write a simple query to change the user :
'UPDATE table SET user=\''.$user.'\' WHERE id='.$id
But if you don't escape the $user variable, a cracker could use the value : foo ' ,is_admin='true
And your query will set its is_admin flag to true.
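
Max's example above, worked through as an added example that is not part of the original thread. It runs the concatenated query and then the same update with bound parameters (prepared statements, a different technique from escaping). Assumptions: PHP with PDO and pdo_sqlite, an in-memory SQLite database standing in for MySQL, a table named `users`, and hypothetical helper names.

```php
<?php
// Added example. In-memory SQLite stands in for MySQL; table name `users` is assumed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Recreate the constructed sample table with one non-admin row.
function reset_table(PDO $db): void {
    $db->exec('DROP TABLE IF EXISTS users');
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT, is_admin TEXT)');
    $db->exec("INSERT INTO users (id, user, is_admin) VALUES (1, 'alice', 'false')");
}

function row(PDO $db, int $id): array {
    $stmt = $db->prepare('SELECT user, is_admin FROM users WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Query built by concatenation, as in the post: the input becomes part of the SQL text.
function rename_concat(PDO $db, string $user, string $id): void {
    $db->exec('UPDATE users SET user=\''.$user.'\' WHERE id='.$id);
}

// Same update with bound parameters: the input is sent as data and never parsed as SQL.
function rename_bound(PDO $db, string $user, string $id): void {
    if (!ctype_digit($id)) {
        throw new InvalidArgumentException('id must be a non-negative integer');
    }
    $stmt = $db->prepare('UPDATE users SET user = :user WHERE id = :id');
    $stmt->bindValue(':user', $user, PDO::PARAM_STR);
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
}

$input = "foo ' ,is_admin='true";   // the value from the post

reset_table($db);
rename_concat($db, $input, '1');
print_r(row($db, 1));   // row after the concatenated query: is_admin was rewritten by the input

reset_table($db);
rename_bound($db, $input, '1');
print_r(row($db, 1));   // row after the bound query: the whole string is stored in user only
```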

Posted: Thu Jul 14, 2005 8:32 am
by Lixas
So, using parameters in the URL address, or somewhere else, a cracker can crack my db??
If yes, then mhmmm, bad, so I will have to rewrite all my home-made CMS (content management system) script. But better more work on the security side than a cracked page :)

Posted: Thu Jul 21, 2005 9:15 am
by UNDERCOVER
Hey Totaled_Eclipse, bad news for you: them chat scripts you have, nanyo fixed them so they can be hacked, and unless you re-edit them you can't stop it. It's crunk that's hacking them; he worked on the files, so you're just better off getting new ones.

Posted: Thu Aug 25, 2005 7:33 am
by toychoq
What?
How should we avoid it?