Can anybody hack ...

Paristôn · 09/19/2014, 05:32

Guys, i wanna ask a question
is anybody able to control all the accounts inside my database
just with using THE REGISTRATION PAGE?

Yeah, that's completely happened
yesterday i got a VPS
Then i setup my source on it.. after using a registration page. somebody got inside the game and blackmailed me .. MONEY OR (ACCOUNTS) would be Deleted
i thought, why hadn't he mention "SOURCE" would be deleted .. that's because he isn't able to COMPLETELY control it

he can only get control with THE DATABASE > ACCOUNTS table.

So, there are some kind of hack like that?
If yes, how can i protect myself?

thanks

Somekind of SQL Injection?
can inject num 4 inside STATe column?

Spirited · 09/19/2014, 05:36

It depends on how the registration page was programmed. If you got it with the source... there's a high likelihood that it's susceptible to SQL injection.

Paristôn · 09/19/2014, 05:43

I just downloaded it from a stupid source online.
I already don't know who is the programmer. But, bro if it's like we thought.. is he able to control the server like that?
to make a GM? To log into my account while i was online with my GM?
is he able to do somethings like these?

He couldn't go though the VPS. he wasn't able to use it!!

JaniQ · 09/19/2014, 05:50

Quote:

Originally Posted by Paristôn

I just downloaded it from a stupid source online.
I already don't know who is the programmer. But, bro if it's like we thought.. is he able to control the server like that?
to make a GM? To log into my account while i was online with my GM?
is he able to do somethings like these?

He couldn't go though the VPS. he wasn't able to use it!!

If he had already got the accounts table he would probably know what's with in it

Not sure if he can possibly edit it..

~~OverKillasdwqe~~ · 09/19/2014, 05:54

SQLI gives him access to your whole database, so yeah if you don't know much about SQLI you are ****** until you cover your *** up

then the next step he would most likely search for public exploits on metasploit and openvas then pretty much gets in one more time so yeah if you want to get one step ahead of him you should do that first and cover your ***

and oh my it's it's like the whole information you guys will ever need is just right there sitting infront of you and no one bother to actually learn, *** knows how many servers i've scanned and got access to with "PUBLIC" exploits on simple gui tools :\ sigh

Paristôn · 09/19/2014, 05:55

I can't understand anything i got confused... where is the exploit where is excatly it?

~~OverKillasdwqe~~ · 09/19/2014, 05:57

SQLI is sql injection SQL injection - Wikipedia, the free encyclopedia
and using google would be great for step by step tutorials "how to stop sql injection"

and then to verify use some like havij or do it manually from a browser

Paristôn · 09/19/2014, 06:00

I know that, but i'm speaking about .. is the exploit really in the Website?
i'm worry, it might be in the source that i tried to develop itself.
or it might be that he hacked the vps

so specifically i don't know what's going on?!

~~OverKillasdwqe~~ · 09/19/2014, 06:03

Quote:

Originally Posted by Paristôn

I know that, but i'm speaking about .. is the exploit really in the Website?
i'm worry, it might be in the source that i tried to develop itself.
or it might be that he hacked the vps

so specifically i don't know what's going on?!

you didn't bother reading the links
so spoon feeding 101

it's at the website
another website could fix that "problem"
then verify your website before you make it live

and yes he could find more exploits to get into the vps (ex. port 80 with old appachi and ****) which is what i've said at the very start and i told you what skids around doing this days so you could do it first and how to cover your *** and be one step ahead of him

Paristôn · 09/19/2014, 06:17

So, as an instant solution .. can anybody give me a trusted Registration Page for above 5500+ sources?

~~OverKillasdwqe~~ · 09/19/2014, 06:22

Quote:

Originally Posted by Paristôn

So, as an instant solution .. can anybody give me a trusted Registration Page for above 5500+ sources?

seriously ? why don't i just do it for you ? "that was sarcasm"

again spoon feed 101

search for another page, upload it
download on your pc a software called havij (please don't download a rat and make it worse)
check if it's secure (*FOR DUMMIES* i mean the website with the havij tool, just installing the tool on your pc won't make your vps server secure)
if yes then you are done
else repeat all over again

you can also do it manually (the SQLI test)
here

or even post me the link and ill check it for you

Paristôn · 09/19/2014, 06:25

Won't that harm my main computer?

~~OverKillasdwqe~~ · 09/19/2014, 06:27

Quote:

Originally Posted by Paristôn

Won't that harm my main computer?

then do it manually ?

i've said that before, do you even bother to read what i say ?

and no it won't if you downloaded the right software or even any trusted tool from trusted website to check for sql injection, hundreds of them is out there with user friendly simple gui

edit: try this online tool

duno if it's accurate or not but if you don't want to do effort then don't really bother about accuracy

Paristôn · 09/19/2014, 06:29

I'm very thankful,
Thank you ^_^

~~Thorev~~ · 09/20/2014, 16:44

Just post the link of your website here and watch the master plan unfold.