Guys, I wanna ask a question:
is anybody able to control all the accounts inside my database
just by using THE REGISTRATION PAGE?
Yeah, that completely happened.
Yesterday I got a VPS.
Then I set up my source on it. After using a registration page, somebody got inside the game and blackmailed me: MONEY OR (ACCOUNTS) would be deleted.
I thought, why hadn't he mentioned that the "SOURCE" would be deleted? That's because he isn't able to COMPLETELY control it.
He can only get control of THE DATABASE > ACCOUNTS table.
So, is there some kind of hack like that?
If yes, how can I protect myself?
Thanks
Some kind of SQL injection?
Can inject num 4 inside State column?
It depends on how the registration page was programmed. If you got it with the source... there's a high likelihood that it's susceptible to SQL injection.
I just downloaded it from a stupid source online.
I don't know who the programmer is. But, bro, if it's like we thought, is he able to control the server like that?
To make a GM? To log into my account while I was online with my GM?
Is he able to do things like these?
He couldn't go through the VPS. He wasn't able to use it!!
If he had already got the accounts table he would probably know what's within it.
SQLI gives him access to your whole database, so yeah, if you don't know much about SQLI you are ****** until you cover your *** up.
Then, as the next step, he would most likely search for public exploits on Metasploit and OpenVAS, then pretty much get in one more time. So yeah, if you want to get one step ahead of him you should do that first and cover your ***.
And oh my, it's like the whole information you guys will ever need is just right there sitting in front of you and no one bothers to actually learn. *** knows how many servers I've scanned and got access to with "PUBLIC" exploits on simple GUI tools :\ sigh
I know that, but I'm speaking about... is the exploit really in the website?
I'm worried it might be in the source itself that I tried to develop.
Or it might be that he hacked the VPS.
So specifically, I don't know what's going on?!
You didn't bother reading the links.
So, spoon-feeding 101:
It's at the website.
Another website could fix that "problem".
Then verify your website before you make it live.
And yes, he could find more exploits to get into the VPS (e.g. port 80 with old Apache and ****), which is what I said at the very start, and I told you what skids are doing these days so you could do it first, and how to cover your *** and be one step ahead of him.
So, as an instant solution, can anybody give me a trusted registration page for above 5500+ sources?
Seriously? Why don't I just do it for you? "That was sarcasm."
Again, spoon-feed 101:
Search for another page, upload it.
Download on your PC a software called Havij (please don't download a RAT and make it worse).
Check if it's secure (*FOR DUMMIES* I mean the website with the Havij tool; just installing the tool on your PC won't make your VPS server secure).
If yes, then you are done.
Else repeat all over again.
I've said that before. Do you even bother to read what I say?
And no, it won't if you downloaded the right software or even any trusted tool from a trusted website to check for SQL injection; hundreds of them are out there with user-friendly simple GUIs.
Edit: try this online tool
Dunno if it's accurate or not, but if you don't want to make an effort then don't really bother about accuracy.
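Added example, not part of the thread or of any server source: a Python/sqlite3 sketch of why a registration page that builds its INSERT by string concatenation lets a form field set a column such as State, and how bound parameters plus an allow-list check stop it. The table layout, column names, function names and sample input are assumptions; the thread only names an ACCOUNTS table and a State column.

```python
import re
import sqlite3

# Assumed schema: the thread names only an ACCOUNTS table and a State column.
SCHEMA = "CREATE TABLE accounts (username TEXT, pw_hash TEXT, state INTEGER)"
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,16}")  # assumed allow-list policy
# Constructed hostile form input: the quote ends the value early, so the
# rest of the field is parsed as SQL and supplies its own state.
HOSTILE = "mallory', 'x', 4) --"

def register_unsafe(db, username, pw_hash):
    # Vulnerable pattern: form fields are pasted into the SQL text.
    db.execute("INSERT INTO accounts (username, pw_hash, state) "
               f"VALUES ('{username}', '{pw_hash}', 0)")

def register_safe(db, username, pw_hash):
    # Hardened pattern: values are bound as parameters, so the database
    # treats them as data and never parses them as SQL.
    db.execute("INSERT INTO accounts (username, pw_hash, state) VALUES (?, ?, 0)",
               (username, pw_hash))

def valid_username(username):
    # Second layer: reject anything outside the allow-list before the query.
    return USERNAME_RE.fullmatch(username) is not None

def rows(db):
    return db.execute("SELECT username, state FROM accounts").fetchall()

def demo():
    unsafe_db = sqlite3.connect(":memory:")
    unsafe_db.execute(SCHEMA)
    register_unsafe(unsafe_db, HOSTILE, "hash")
    safe_db = sqlite3.connect(":memory:")
    safe_db.execute(SCHEMA)
    register_safe(safe_db, HOSTILE, "hash")
    return {"unsafe": rows(unsafe_db), "safe": rows(safe_db),
            "passes_allow_list": valid_username(HOSTILE)}

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```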