SteveDave Posted May 27, 2009 Posted May 27, 2009 I have someone on my game using a SQL injection to get other users Login names as well as their passwords, They're doing it just to make my life harder for banning them from the game a few months ago. I'm not sure exactly what they are doing but something about a MD5 hash? I already changed the IP thing in a lot of pages, maybe I missed one? What are all the pages you are supposed to change? Or could this be a different problem? Thanks guys. Quote
ShizzleNizzle Posted May 27, 2009 Posted May 27, 2009 Re: Getting hacked (SQL Injection) I'd say it's your forum's. A common place for script kiddies. They get any user's MD5 password hash then decrypt it. (this can be used to to pretty much anything) Quote
SteveDave Posted May 27, 2009 Author Posted May 27, 2009 Re: Getting hacked (SQL Injection) Is there any fixes for this or has anyone released a secured forum? Quote
Haunted Dawg Posted May 27, 2009 Posted May 27, 2009 Re: Getting hacked (SQL Injection) add in header for quick fix: $_GET['viewforum'] = abs(@intval($_GET['viewforum'])); $_GET['viewtopic'] = abs(@intval($_GET['viewtopic'])); Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.