Jump to content
MakeWebGames

jcvenom


Recommended Posts

  • Replies 59
  • Created
  • Last Reply

Top Posters In This Topic

Hold on! I conducted some sql injects because I wanted to see if his stupid game had any vulnerabilities, I'm hardly going to lie about something like that loool, and so what? How does that affect my "Respect" in anyway?? Don't talk **** here, I've seen a lot of you guys trying to use XSS attacks on people's games, especially his so don't contradict yourselves if yous want to give out, I did nothing wrong, I even used my name because I've nothing to hide. So pipedown, nothing on this thread affects me it's pretty much pointless, don't you realise he's selling something with a license he made up lol that's the main reason he's here and he'll do anything to spoil someone's name. I really don't care at this point I've nothing more to say, it's people like him that ruin the community, and it's people like you that let your ego's get to you goodluck and [MENTION=68711]KyleMassacre[/MENTION] could you please lock this thread I don't wish to continue chatting with these wastemen. Thanks JC out

haha .. IllegalPigeon try xss attack .. but he don't do nothing . just show me weak spot ! then he left ! its mean he respect another game owner !

if u want to know can i sell with valid licence or not

https://www.facebook.com/ms.icecold.music?fref=ts

ask to Martin Simmons ! 100% Protection the first coder of RC engine and mine was modify upgrade coder!

Link to comment
Share on other sites

haha .. IllegalPigeon try xss attack .. but he don't do nothing . just show me weak spot ! then he left ! its mean he respect another game owner !

if u want to know can i sell with valid licence or not

https://www.facebook.com/ms.icecold.music?fref=ts

ask to Martin Simmons ! 100% Protection the first coder of RC engine and mine was modify upgrade coder!

[remove] this

Edited by W3Theory || Peter
Link to comment
Share on other sites

I've apologised and left it at that

It's not the fact that dropping a table via sql injection on a site you down own, run or work on is silly, it's illegal for christs sake. Do a bit of research. And apologising doesn't make it right. It also doesn't matter if it works or not. It's still an attempt. It's like going to facebook and trying to drop the user table there.

You'd get jailed and sued.

There's a difference between malicious hacking and ethical hacking. What you have done is malicious, what IP has done is ethical. They haven't forced any loss of data, they've made light to an exploit. If you were being ethical you wouldn't drop the table. You would maybe change your own data, or add a new column, sonething that won't **** up the app.

Link to comment
Share on other sites

It's not the fact that dropping a table via sql injection on a site you down own, run or work on is silly, it's illegal for christs sake. Do a bit of research. And apologising doesn't make it right. It also doesn't matter if it works or not. It's still an attempt. It's like going to facebook and trying to drop the user table there.

You'd get jailed and sued.

There's a difference between malicious hacking and ethical hacking. What you have done is malicious, what IP has done is ethical. They haven't forced any loss of data, they've made light to an exploit. If you were being ethical you wouldn't drop the table. You would maybe change your own data, or add a new column, sonething that won't **** up the app.

With a crude query (hint: not defining the fields before the values), adding a new column can cause data to not be inserted, thus loss of data. Don't suggest SQL injections to make any attempt ethical if you don't cover all bases ;)

Also, an SQL injection isn't always/necessarily modification of the database, it's about injecting query language into the query.

> SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.

For example, if your query was supposed to be

SELECT foo FROM bar WHERE faz = 1

 

But instead it ran

SELECT foo, 5 FROM bar WHERE faz = 1

 

It's still an injection of query language

:)

Link to comment
Share on other sites

With a crude query (hint: not defining the fields before the values), adding a new column can cause data to not be inserted, thus loss of data. Don't suggest SQL injections to make any attempt ethical if you don't cover all bases ;)

Also, an SQL injection isn't always/necessarily modification of the database, it's about injecting query language into the query.

> SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.

For example, if your query was supposed to be

SELECT foo FROM bar WHERE faz = 1

 

But instead it ran

SELECT foo, 5 FROM bar WHERE faz = 1

 

It's still an injection of query language

:)

Thanks for clearing that up :) I didn't even think about Select when I wrote the post

Link to comment
Share on other sites

It's not the fact that dropping a table via sql injection on a site you down own, run or work on is silly, it's illegal for christs sake. Do a bit of research. And apologising doesn't make it right. It also doesn't matter if it works or not. It's still an attempt. It's like going to facebook and trying to drop the user table there.

You'd get jailed and sued.

There's a difference between malicious hacking and ethical hacking. What you have done is malicious, what IP has done is ethical. They haven't forced any loss of data, they've made light to an exploit. If you were being ethical you wouldn't drop the table. You would maybe change your own data, or add a new column, sonething that won't **** up the app.

I totally agree, what I did was malicious and I apologise for that, I won't be doing that again, and If I do, i'll try changing my name or something not dropping tables. Anyways any idea why my query that I posted didn't work?

I presumed the code was inserting values into a tables so I closed it by typing

'); 

But then I typed this into the chat to see if it would work, note I used "--" to comment the rest of the query

'); DROP TABLE members;--
Link to comment
Share on other sites

I totally agree, what I did was malicious and I apologise for that, I won't be doing that again, and If I do, i'll try changing my name or something not dropping tables. Anyways any idea why my query that I posted didn't work?

I presumed the code was inserting values into a tables so I closed it by typing

'); 

But then I typed this into the chat to see if it would work, note I used "--" to comment the rest of the query

'); DROP TABLE members;--

The backend is treating the string as a literal string and not query language. See paramatised queries:

http://blog.codinghorror.com/give-me-parameterized-sql-or-give-me-death/

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...