GangLife Posted June 10, 2014
I'm having trouble with a hacker lately and I can't seem to tell the difference between a hackable string and an unhackable string. I know I worded it wrongly, but you should understand what I mean. Thanks
Dayo Posted June 10, 2014
Check to see if the query has any variables in the query that can be inputted via the user, i.e. $_POST, $_GET, $_REQUEST etc ...
Dave Posted June 10, 2014
> I'm having trouble with a hacker lately and I can't seem to tell the difference between a hackable string and an unhackable string. I know I worded it wrongly, but you should understand what I mean. Thanks

I know this doesn't really answer your question, but if you still live in the world of SQL injections it's probably about time you integrated something like PDO and bind your variables into your query. There's a great write up on StackOverflow here: http://stackoverflow.com/a/60496
sniko Posted June 10, 2014
Also, consider he/she may be getting staff to do some actions without their consent or knowledge via (C)SRF or XSS attacks. See: https://www.owasp.org/index.php/Category:Attack
GangLife Posted June 10, 2014
Thanks Sniko, you're freaking right. I think it was css after checking my support request plugin. Still believe it got in by another method since I didn't receive any requests that day.
Script47 Posted June 11, 2014
> I know this doesn't really answer your question, but if you still live in the world of SQL injections it's probably about time you integrated something like PDO and bind your variables into your query. There's a great write up on StackOverflow here: http://stackoverflow.com/a/60496

Shame on you for not promoting our Q&A site! :p There are some good answers on here too. MWG Q&A