Can anybody hack ...
Discussion on Can anybody hack ... within the CO2 Private Server forum part of the Conquer Online 2 category.
09/19/2014, 05:32
|
#1
|
elite*gold: 0
Join Date: Sep 2014
Posts: 101
Received Thanks: 51
|
Can anybody hack ...
Guys, I wanna ask a question:
is anybody able to control all the accounts inside my database
just by using THE REGISTRATION PAGE?
Yeah, that completely happened.
Yesterday I got a VPS.
Then I set up my source on it.. after using a registration page, somebody got inside the game and blackmailed me .. MONEY OR (ACCOUNTS) would be deleted.
I thought, why hadn't he mentioned "SOURCE" would be deleted .. that's because he isn't able to COMPLETELY control it.
He can only get control of THE DATABASE > ACCOUNTS table.
So, is there some kind of hack like that?
If yes, how can I protect myself?
Thanks.
Some kind of SQL injection?
Can he inject num 4 inside the STATE column?
|
|
|
09/19/2014, 05:36
|
#2
|
elite*gold: 12
Join Date: Jul 2011
Posts: 8,211
Received Thanks: 4,114
|
It depends on how the registration page was programmed. If you got it with the source... there's a high likelihood that it's susceptible to SQL injection.
|
|
|
09/19/2014, 05:43
|
#3
|
elite*gold: 0
Join Date: Sep 2014
Posts: 101
Received Thanks: 51
|
I just downloaded it from a stupid source online.
I don't even know who the programmer is. But, bro, if it's like we thought.. is he able to control the server like that?
To make a GM? To log into my account while I was online with my GM?
Is he able to do things like these?
He couldn't go through the VPS. He wasn't able to use it!!
|
|
|
09/19/2014, 05:50
|
#4
|
elite*gold: 0
Join Date: Apr 2014
Posts: 117
Received Thanks: 90
|
Quote:
Originally Posted by Paristôn
I just downloaded it from a stupid source online.
I don't even know who the programmer is. But, bro, if it's like we thought.. is he able to control the server like that?
To make a GM? To log into my account while I was online with my GM?
Is he able to do things like these?
He couldn't go through the VPS. He wasn't able to use it!!
|
If he had already got the accounts table he would probably know what's within it.
Not sure if he can possibly edit it..
|
|
|
09/19/2014, 05:54
|
#5
|
elite*gold: 0
Join Date: Jun 2014
Posts: 69
Received Thanks: 13
|
SQLI gives him access to your whole database, so yeah, if you don't know much about SQLI you are ****** until you cover your *** up.
Then as the next step he would most likely search for public exploits on Metasploit and OpenVAS, then pretty much get in one more time, so yeah, if you want to get one step ahead of him you should do that first and cover your ***.
And oh my, it's like the whole information you guys will ever need is just right there sitting in front of you and no one bothers to actually learn. *** knows how many servers I've scanned and got access to with "PUBLIC" exploits on simple GUI tools :\ sigh
|
|
|
09/19/2014, 05:55
|
#6
|
elite*gold: 0
Join Date: Sep 2014
Posts: 101
Received Thanks: 51
|
I can't understand anything, I got confused... where is the exploit? Where exactly is it?
|
|
|
09/19/2014, 05:57
|
#7
|
elite*gold: 0
Join Date: Jun 2014
Posts: 69
Received Thanks: 13
|
SQLI is SQL injection: SQL injection - Wikipedia, the free encyclopedia
And using Google would be great for step-by-step tutorials: "how to stop sql injection"
And then to verify, use something like Havij or do it manually from a browser.
|
|
|
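What posts #2 and #7 are pointing at, as an added example that is not part of the thread or any poster's code: a registration handler that pastes form input into the SQL text, next to one that binds it as parameters. The thread never shows the page or its stack, so Python's built-in sqlite3 stands in; only the accounts table and State column come from the thread, while the other column names, the function names, the username rule and the sample input are assumptions.

```python
import sqlite3

# Hypothetical schema: only "accounts" and "State" are named in the thread.
SCHEMA = """CREATE TABLE accounts (
    Username TEXT PRIMARY KEY,
    Password TEXT NOT NULL,
    State    INTEGER NOT NULL DEFAULT 0
)"""

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db

def register_concatenated(db, username, password):
    """Pattern to look for in a downloaded page: input pasted into SQL text."""
    sql = ("INSERT INTO accounts (Username, Password, State) "
           "VALUES ('" + username + "', '" + password + "', 0)")
    db.execute(sql)

def register_parameterized(db, username, password):
    """Hardened form: fixed SQL text, input travels only as bound values."""
    # Assumed username rule; password hashing is left out to keep the
    # focus on how the query is built.
    if not (1 <= len(username) <= 16 and username.isalnum()):
        raise ValueError("username must be 1-16 letters or digits")
    db.execute(
        "INSERT INTO accounts (Username, Password, State) VALUES (?, ?, 0)",
        (username, password))

def state_of(db, username):
    row = db.execute("SELECT State FROM accounts WHERE Username = ?",
                     (username,)).fetchone()
    return None if row is None else row[0]

# Constructed input: a "password" value that closes the quoted string early.
CRAFTED_PASSWORD = "x', 4) --"

def demo():
    """Return (State via concatenation, State via binding, stored password)."""
    weak, safe = new_db(), new_db()
    register_concatenated(weak, "tester", CRAFTED_PASSWORD)
    register_parameterized(safe, "tester", CRAFTED_PASSWORD)
    stored = safe.execute("SELECT Password FROM accounts").fetchone()[0]
    return state_of(weak, "tester"), state_of(safe, "tester"), stored

if __name__ == "__main__":
    print(demo())
```

With binding, the crafted value is stored as an ordinary password string and State stays at its default; with concatenation, the same value rewrites the statement.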
09/19/2014, 06:00
|
#8
|
elite*gold: 0
Join Date: Sep 2014
Posts: 101
Received Thanks: 51
|
I know that, but I'm speaking about .. is the exploit really in the website?
I'm worried, it might be in the source itself that I tried to develop.
Or it might be that he hacked the VPS.
So specifically I don't know what's going on?!
|
|
|
09/19/2014, 06:03
|
#9
|
elite*gold: 0
Join Date: Jun 2014
Posts: 69
Received Thanks: 13
|
Quote:
Originally Posted by Paristôn
I know that, but I'm speaking about .. is the exploit really in the website?
I'm worried, it might be in the source itself that I tried to develop.
Or it might be that he hacked the VPS.
So specifically I don't know what's going on?!
|
You didn't bother reading the links,
so spoon feeding 101:
it's at the website.
Another website could fix that "problem".
Then verify your website before you make it live.
And yes, he could find more exploits to get into the VPS (ex. port 80 with old Apache and ****), which is what I've said at the very start, and I told you what skids are doing these days so you could do it first, and how to cover your *** and be one step ahead of him.
|
|
|
09/19/2014, 06:17
|
#10
|
elite*gold: 0
Join Date: Sep 2014
Posts: 101
Received Thanks: 51
|
So, as an instant solution .. can anybody give me a trusted Registration Page for above 5500+ sources?
|
|
|
09/19/2014, 06:22
|
#11
|
elite*gold: 0
Join Date: Jun 2014
Posts: 69
Received Thanks: 13
|
Quote:
Originally Posted by Paristôn
So, as an instant solution .. can anybody give me a trusted Registration Page for above 5500+ sources?
|
Seriously? Why don't I just do it for you? "that was sarcasm"
Again, spoon feed 101:
search for another page, upload it,
download on your PC a software called Havij (please don't download a RAT and make it worse),
check if it's secure (*FOR DUMMIES* I mean the website with the Havij tool, just installing the tool on your PC won't make your VPS server secure).
If yes then you are done,
else repeat all over again.
You can also do it manually (the SQLI test)
here
or even post me the link and I'll check it for you.
|
|
|
09/19/2014, 06:25
|
#12
|
elite*gold: 0
Join Date: Sep 2014
Posts: 101
Received Thanks: 51
|
Won't that harm my main computer?
|
|
|
09/19/2014, 06:27
|
#13
|
elite*gold: 0
Join Date: Jun 2014
Posts: 69
Received Thanks: 13
|
Quote:
Originally Posted by Paristôn
Won't that harm my main computer?
|
Then do it manually?
I've said that before, do you even bother to read what I say?
And no, it won't if you downloaded the right software or even any trusted tool from a trusted website to check for SQL injection, hundreds of them are out there with a user-friendly simple GUI.
Edit: try this online tool
Dunno if it's accurate or not, but if you don't want to make an effort then don't really bother about accuracy.
|
|
|
09/19/2014, 06:29
|
#14
|
elite*gold: 0
Join Date: Sep 2014
Posts: 101
Received Thanks: 51
|
I'm very thankful,
Thank you ^_^
|
|
|
09/20/2014, 16:44
|
#15
|
elite*gold: 0
Join Date: Apr 2014
Posts: 245
Received Thanks: 273
|
Just post the link of your website here and watch the master plan unfold.
|
|
|
All times are GMT +2.