Jump to content
MakeWebGames

Mysql Injections


Jesse60905

Recommended Posts

I ned help desperately. I can't pay anyone until the end of the month so I need to know a temp fix or someone that will fix it and will trust me to pay him/her later. I need protection against MySql injections. I got the IP of the hacker but he may of been using a proxy. 142.176.57.62. If someone could post back on a price or to do it for free (either way Idc...). However if I know/think you aren't legit I will not accept your offer =/. Also the main thing I need help with is passwords (the hacker got mine and caused havoc)

Link to comment
Share on other sites

Re: Mysql Injections

Also if you don't trust me enough to fix it now (personally I wouldn't trust myself becasue I just joined this forum a few months ago) then if you possibly just give me a temp fix for passwords until I can pay for a 100% bug fix? Thank you.

Link to comment
Share on other sites

Re: Mysql Injections

Ok well I did find a site that can find passes for free and it does work. As for adding salt to the MD5... Huh...? I know what the MD5 is (the encryption for the passwords) but salt...? Isn't that a condiment...? Sorry I'm a noob (still trying to learn...)

Link to comment
Share on other sites

Re: Mysql Injections

In the DB user's [asses are displayed as numbers and letters, when a user loses password and asks me to get it i go to a MD5 decrypter to get there pass back, maybe they accessed ya DB and did it that way. Upgrade ya host to IP specific so it only lets you in thats what i did after iw as hacked

Link to comment
Share on other sites

Re: Mysql Injections

 

when a user loses password and asks me to get it i go to a MD5 decrypter to get there pass back.

So MD5 remains uncracked to this day but you have a decrypter? :roll:

Huh ? I dont get ya, I go to a site and get them decypted

Link to comment
Share on other sites

Re: Mysql Injections

 

But sometimes it doesnt yield a result and then you can pay $3 to get it

Thats sounds like a scam TBH... You cant crack MD5 you can get a big ass chart and compare but im not sure that 100% totally works for md5 anyways... All these deycrtpter sites are just huge databased of md5 hashes, hence if you put something really complex in it wont find it.

 

Also my password is a series of binary numbers. I can say it out loud and no-one can figure it out.

Very bad... A good strong password consists of

Not a dictionary word, perhaps not even a word...

A good length

MUST CONTAIN - Upper and lower case letter mixed, numbers and a few symbols.

 

He is hacking through MySql injections. I know that because he just got done doing it again. I had to fed everyone except my best admin to fix it. I have an idea of how to fix it tho...

It could be anything, there is no fix... He may be using javascript to gain access to session varibles. He may of found an exploit to upload his own files? who knows, but saying its deffintely SQL injection isnt good.

My advice to you is make sure your using mysql_real_escape_string on anything user inputted this will escape all the data , thus making it safe. If you have the magic quotes thing on then you would need to use add slashes first so you dont escape it twice...

Do that on ANYTHING user inputted and you should be okay from SQL injections...

Take a look at this post, its a really good explaination and a good starting point...

 

Sorry for my bad spelling and puncuation, its past my bed time =)

Link to comment
Share on other sites

Re: Mysql Injections

 

you dont get them decrypted

it just looks in a huge database of already known hashes to find the one that matches

But sometimes it doesnt yield a result and then you can pay $3 to get it

Interesting...

I'm sure the $3 isn't a guarentee though. Best they can do is use rainbow tables, and still it would leave a huge portion of unchecked possibilities. However... I could see how it *might* work for your game.

My suggestion would just be making your own encryptor.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...