Can anybody hack ...

09/19/2014 05:32 Paristôn#1
Guys, I wanna ask a question:
is anybody able to control all the accounts inside my database
just by using THE REGISTRATION PAGE?

Yeah, that's exactly what happened.
Yesterday I got a VPS.
Then I set up my source on it... after using a registration page, somebody got inside the game and blackmailed me... MONEY OR (ACCOUNTS) would be DELETED.
I thought, why hadn't he mentioned the "SOURCE" would be deleted... that's because he isn't able to COMPLETELY control it.

He can only get control of THE DATABASE > ACCOUNTS table.

So, is there some kind of hack like that?
If yes, how can I protect myself?

thanks

Some kind of SQL injection?
Can he inject the number 4 into the STATE column?
09/19/2014 05:36 Spirited#2
It depends on how the registration page was programmed. If you got it with the source... there's a high likelihood that it's susceptible to SQL injection.
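Spirited's point (the way the registration page's own query is written decides whether it is injectable), shown as an added example that is not code from this thread or from any server source: a constructed registration insert built by string concatenation next to the same insert with bound parameters, run against an in-memory SQLite `accounts` table. The table layout, the `state` column (standing in for the STATE column from the first post) and the hostile username are all constructed for this example.

```python
import sqlite3

# Constructed schema: an accounts table with a privilege/state column, standing in
# for the STATE column the first post wonders about. Passwords are stored as given
# here only to keep the example short; a real page must hash them.
SCHEMA = """
CREATE TABLE accounts (
    name     TEXT PRIMARY KEY,
    password TEXT NOT NULL,
    state    INTEGER NOT NULL DEFAULT 0
)
"""

# Constructed sample input: a "username" containing a quote. In a concatenated
# query the quote ends the string literal and the remainder is parsed as SQL.
HOSTILE_NAME = "evil', 'pw', 4) -- "


def register_vulnerable(conn, name, password):
    """Insert built with string formatting: user input becomes part of the SQL."""
    sql = ("INSERT INTO accounts (name, password, state) "
           f"VALUES ('{name}', '{password}', 0)")
    conn.execute(sql)
    conn.commit()


def register_safe(conn, name, password):
    """Same insert with bound parameters: the driver passes input as data only."""
    conn.execute("INSERT INTO accounts (name, password, state) VALUES (?, ?, 0)",
                 (name, password))
    conn.commit()


def demo(register):
    """Register HOSTILE_NAME with the given function and return every account row."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    register(conn, HOSTILE_NAME, "secret")
    return conn.execute("SELECT name, state FROM accounts").fetchall()


if __name__ == "__main__":
    # Concatenation: the input rewrote the query and created a state-4 account.
    print("concatenated: ", demo(register_vulnerable))  # [('evil', 4)]
    # Parameters: the whole string is stored as a (weird) name, state stays 0.
    print("parameterized:", demo(register_safe))  # [("evil', 'pw', 4) -- ", 0)]
```

The same contrast applies to every other query the page runs (name-taken checks, login), which is why a downloaded page has to be read, not just uploaded.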
09/19/2014 05:43 Paristôn#3
I just downloaded it from a stupid source online.
I don't even know who the programmer is. But, bro, if it's like we thought... is he able to control the server like that?
To make a GM? To log into my account while I was online with my GM?
Is he able to do things like these?


He couldn't get through the VPS. He wasn't able to use it!!
09/19/2014 05:50 JaniQ#4
Quote:
Originally Posted by Paristôn
I just downloaded it from a stupid source online.
I don't even know who the programmer is. But, bro, if it's like we thought... is he able to control the server like that?
To make a GM? To log into my account while I was online with my GM?
Is he able to do things like these?


He couldn't get through the VPS. He wasn't able to use it!!
If he had already got the accounts table, he would probably know what's within it.

Not sure if he can possibly edit it..
09/19/2014 05:54 OverKillasdwqe#5
SQLI gives him access to your whole database, so yeah, if you don't know much about SQLI you are fucked until you cover your ass up.

Then the next step: he would most likely search for public exploits on Metasploit and OpenVAS, then pretty much get in one more time. So yeah, if you want to get one step ahead of him you should do that first and cover your ass.

And oh my, it's like all the information you guys will ever need is just right there sitting in front of you and no one bothers to actually learn. God knows how many servers I've scanned and got access to with "PUBLIC" exploits on simple GUI tools :\ sigh
09/19/2014 05:55 Paristôn#6
I can't understand anything, I got confused... where is the exploit, where exactly is it? :(
09/19/2014 05:57 OverKillasdwqe#7
SQLI is SQL injection: SQL injection - Wikipedia, the free encyclopedia
And using Google would be great for step-by-step tutorials: "how to stop sql injection".

And then, to verify, use something like Havij or do it manually from a browser.
09/19/2014 06:00 Paristôn#8
I know that, but I'm asking... is the exploit really in the website?
I'm worried it might be in the source itself, which I tried to develop.
Or it might be that he hacked the VPS.

So, specifically, I don't know what's going on?!
09/19/2014 06:03 OverKillasdwqe#9
Quote:
Originally Posted by Paristôn
I know that, but I'm asking... is the exploit really in the website?
I'm worried it might be in the source itself, which I tried to develop.
Or it might be that he hacked the VPS.

So, specifically, I don't know what's going on?!
You didn't bother reading the links,
so spoon-feeding 101:

It's at the website.
Another website could fix that "problem".
Then verify your website before you make it live.

And yes, he could find more exploits to get into the VPS (e.g. port 80 with old Apache and shit), which is what I've said at the very start, and I told you what skids around are doing these days so you could do it first, and how to cover your ass and be one step ahead of him.
09/19/2014 06:17 Paristôn#10
So, as an instant solution... can anybody give me a trusted registration page for the above 5500+ sources? :)
09/19/2014 06:22 OverKillasdwqe#11
Quote:
Originally Posted by Paristôn
So, as an instant solution... can anybody give me a trusted registration page for the above 5500+ sources? :)
Seriously? Why don't I just do it for you? "That was sarcasm."

Again, spoon-feed 101:

Search for another page, upload it.
Download on your PC a piece of software called Havij (please don't download a RAT and make it worse).
Check if it's secure (*FOR DUMMIES*: I mean the website, with the Havij tool; just installing the tool on your PC won't make your VPS server secure).
If yes, then you are done.
Else, repeat all over again.

You can also do it manually (the SQLI test)
here.

Or even post me the link and I'll check it for you.
09/19/2014 06:25 Paristôn#12
Won't that harm my main computer?
09/19/2014 06:27 OverKillasdwqe#13
Quote:
Originally Posted by Paristôn
Won't that harm my main computer?
Then do it manually?

I've said that before, do you even bother to read what I say?

And no, it won't if you downloaded the right software, or even any trusted tool from a trusted website to check for SQL injection; hundreds of them are out there with a user-friendly, simple GUI.

Edit: try this online tool.
Dunno if it's accurate or not, but if you don't want to put in effort then don't really bother about accuracy.
09/19/2014 06:29 Paristôn#14
I'm very thankful,
Thank you ^_^
09/20/2014 16:44 Thorev#15
Just post the link of your website here and watch the master plan unfold.