Please help sql injection!

[Daron]

hey i was testing an sql injection on crystal market which is: cmarket.php?action=buy&ID=2 union all select 1,99999999,0,0 it added 99999999 crystals to my account, but now i wanna undo it. anybody know the opposite sql injection to that one?

[galdikas]

why dont you just use phpmyadmin?

And just dont forget to fix that vulnerability lol

[Daron]

i dont have access to cpanel on this website. my dumb self tried it on my friend website instead of mine own. & yea i wanna fix it for him.

[galdikas]

lol i do not think it is a big deal.

Just let him know about the vulnerability. He will easily be able to fix it + he will appreciate you finding it

[bineye]

You should tell your friend to download the patched version v2.0.3 (presuming that's a 2.0.2 site and he has a legal license), and just mail him and say you done it, I'm sure he'd appreciate your honesty.

[Daron]

i told him just now, waiting for a reply *crosses fingers*

[lucky3809]

he should have had his site secured it's not your problem you found a security breach lol... He should be thankful you did so... you can replace the 9's with 1 zero should leave you with 0 crystals...

[rulerofzu]

smells like a unlicenced game to me....

[Gang-Life]

wth? cuz his friend hosting it?

[Spudinski]

It's like my farther always told me when I climb that tree in the backyard.

If you can get up by yourself, you can get down by yourself too.

Same applies to you. There is no shortcut, go google it or something...

[Gang-Life]

AND WHY WOULD YOU POST THIS now it's google #1 "Mccode SQL Injections" -______- ! ugh now i need to upgrade my security thankz!

[Redex]

Ahmm... Well you should always be looking to secure your game as much as possible, that too from such a well known hack, so i don't see what difference this thread has made?