Note i didn't make this mo
Posted March 17, 2008

In My Latest Bid To Stop Sql Injections On All Games I Have Devised The Following Topic. Enjoy :)

Are You Sick Of Sql Injectors? Want To Get Rid Of All Sql Injections? Well I Get The Answer To Every Possible Sql Injection On The Markets Possible In 3 Easy Lines, Thanks To Killah Who Deserves Most Credit For This.

First Of All Open Header.php

Secondly Find The Following Code

[Code hidden: viewing code within this forum requires registration.]

And Underneath Add

[Code hidden: viewing code within this forum requires registration.]

And Your Game Will Be Secure From The Forum Hack And All Market Hacks

Thanks A Lot
The Prince

iseeyou94056
Posted March 17, 2008
Re: My Newist Discovery

dude what the hell u got the from kyle

Guest Anonymous
Posted March 17, 2008
Re: My Newist Discovery

> And Your Game Will Be Secure From The Forum Hack And All Market Hacks

Hmm, I'd take that one under advisement. If you can guarantee it, and back it up with legal paperwork - great. Even my own systems which run on specially security hardened BSD boxes are only 99.99% proof against attack. One day, I'll discover that last .01% ... I *know* there are people better than me out there - just not that many of them I hope!

-Matt-
Posted March 17, 2008
Re: My Newist Discovery

*Kyles Pissed Off Now*

Haunted Dawg
Posted March 17, 2008
Re: My Newist Discovery

Well iseeyou i am kyle in the first place and nyna that at least stops all sql injections most known to rpg games which are done via the cmarket.php if you want to know how its done just pm me nyna. I have a better one that secures all posts and all gets which i am selling for $10 but meh. And no matt im not pissed off. I dont see why i must contribute stuff to here when so called "friends" hate me. :lol:

Haunted Dawg
Posted March 17, 2008
Re: My Newist Discovery

BTW for those who want to know the click click BOOM code:

// Stop the page when ID does not loosely equal its own absolute integer value.
if($_GET['ID'] != abs(@intval($_GET['ID'])))
{
    die("click... click... KABOOM!");
}

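An added example, not code from the thread or from the game script: it runs the check quoted in the post above next to a strict ID parser and a bound-parameter query, over constructed inputs. `thread_check`, `parse_id`, the `market_items` table and the sample values are hypothetical, and PHP 7.1+ with the `pdo_sqlite` extension is assumed.

```php
<?php
// Added example (not from the thread). thread_check(), parse_id(), the
// market_items table and the sample inputs are constructed for illustration.

// The thread's test, wrapped so it returns true when die() would NOT be reached.
function thread_check($raw): bool
{
    return !($raw != abs(@intval($raw)));
}

// Strict alternative: a canonical positive decimal integer, or null.
function parse_id($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;                  // arrays, signs, spaces, trailing text
    }
    $id = (int) $raw;
    // The round-trip rejects leading zeros and values that overflowed the cast.
    return ($id > 0 && (string) $id === $raw) ? $id : null;
}

$db = new PDO('sqlite::memory:');     // assumes the pdo_sqlite extension
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE market_items (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO market_items VALUES (1, 'crystals'), (2, 'potion')");

// Bound parameter: the value never becomes part of the SQL text.
$stmt = $db->prepare('SELECT name FROM market_items WHERE id = :id');

$samples = ['2', '2 OR 1=1', '+2', '002', '', ['2']];   // constructed inputs
foreach ($samples as $raw) {
    $id  = parse_id($raw);
    $row = null;
    if ($id !== null) {
        $stmt->execute([':id' => $id]);
        $row = $stmt->fetchColumn();
    }
    printf(
        "%-12s thread_check=%-5s parse_id=%-4s row=%s\n",
        json_encode($raw),
        var_export(thread_check($raw), true),
        var_export($id, true),
        var_export($row, true)
    );
}
```

On PHP versions before 8 the loose `!=` casts `2 OR 1=1` to the number 2 before comparing, so that input passes the thread's check; the check also leaves the raw `$_GET['ID']` unchanged for whatever query uses it next.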
Note i didn't make this mo (Author)
Posted March 17, 2008
Re: My Newist Discovery

lol i told you killah did this lols your so quick to accuse people on this forum just chillax and enjoy it whilst you can

Guest Anonymous
Posted March 17, 2008
Re: My Newist Discovery

> if you want to know how its done just pm me nyna

Erm... I think I can manage to stop attacks way in advance of basic SQL injection boys... Didn't I say - I've been running 16+ public facing servers all running database applications for a few years - perhaps not - Anyway, I have not had a single attack get in - plenty have tried but all have failed - And yes, I will lay that down as a challenge. I'm not frightened, simply because a) I understand the risks, and b) I'm pretty sure what I've written is spot on.

Haunted Dawg
Posted March 17, 2008
Re: My Newist Discovery

No i wanted to know if you wanted to know what the exploit is so in further on in the year if someone asks you to secure their game you know where to secure 1 part of it.

Isomerizer
Posted March 17, 2008
Re: My Newist Discovery

Hmmm..

> I have a better one that secures all posts and all gets which i am selling for $10 but meh. And no matt im not pissed off. I dont see why i must contribute stuff to here when so called "friends" hate me. :lol:

Is it something like....

[Code hidden: viewing code within this forum requires registration.]

Haunted Dawg
Posted March 18, 2008
Re: My Newist Discovery

Nope my code is longer than that.

Halo
Posted March 23, 2008
Re: My Newist Discovery

Thanks for that mate i was trying to find out how to stop it

riderdaz
Posted May 26, 2008
Re: My Newist Discovery

nyna I don't want to seem like a twat but you're always dissing others' sql protection saying how good yours is, why don't you explain nice and simple how we can protect our games and other sites

Akash
Posted May 27, 2008
Re: My Newist Discovery

Well one reason is probably because she'd be here forever trying to secure mc. Do you really think she can be arsed to do the work for everyone when they can go and learn PHP security themselves?

Delete !
Posted May 27, 2008
Re: My Newist Discovery

Daz you do make a very good argument although I've seen some of nyna's work and it is very good dont get me wrong but the fact that people are trying to share their knowledge with other people and you're doubting it is very wrong . =]

topmorpg
Posted May 27, 2008
Re: My Newist Discovery

Lets face it people if there is a will there is a way. Its just a matter of how experienced the person trying to exploit, inject is -vs- the person trying to secure the script.

There are many many ways of securing. There is simple cleaning of the submitted data, there is URL injection, form injection, and many others. It goes on and on.

If its a char make sure it is
if its int make sure it is

Do this before it even makes it to a point of updating data. Should be the first checks run. Do some checks on the data submitted. make sure its within case type a-_z 0-9

There are many lists and if I get the time I will post some very helpful threads. But its 2am here. Cant sleep figured I would see whats going on here. But if you take the time in learning. Ask questions. Most times someone like myself if I have the time will push you in the right direction. Or give you a good start but will not complete the entire thing for you.

Here is a really good read. Talks over many types, examples, and how to stop them.

TJ

topmorpg
Posted May 27, 2008
Re: My Newist Discovery

> Well iseeyou i am kyle in the first place and nyna that at least stops all sql injections most known to rpg games which are done via the cmarket.php if you want to know how its done just pm me nyna. I have a better one that secures all posts and all gets which i am selling for $10 but meh. And no matt im not pissed off. I dont see why i must contribute stuff to here when so called "friends" hate me. :lol:

as an example of a different type of exploit. I know its open in the script as its not common.

[Code hidden: viewing code within this forum requires registration.]

With a simple browser plug in I wont say which I can change any data I want (values) for submission and have it posted into your system. Now depending how you have the data checked ? or if it is? I can insert malicious scripting to echo or print out in there that would cause the page to error giving me some nice path info such as username Or maybe if I can get it to execute take over an admin account then have my way with information.

Always make sure to validate all data pasted in forms, and urls that = true if not fail. Also if a form is $_POST and you $_GET the info or data in any means. make sure it can not be exploited by an outside page. saving your source and posting to your page can cause harm as well. Generate a session or cookie to rotate the string and verify on submission.

Sorry killah first person I ran across with a link in sig. Needed an example. But make sure you verify the submitted data if you wont already.

TJ

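One way to implement the "rotate the string and verify on submission" advice in the post above, as an added example that is not part of the thread or of any game script. `issue_token`, `verify_token` and the `form_token` session key are hypothetical names, and a plain array stands in for `$_SESSION` so the block runs from the command line (PHP 7+ assumed).

```php
<?php
// Added example (not from the thread). issue_token(), verify_token() and the
// 'form_token' key are hypothetical; $session stands in for $_SESSION.

// Create a fresh random token, remember it server-side, return it for the form.
function issue_token(array &$session): string
{
    $session['form_token'] = bin2hex(random_bytes(32));
    return $session['form_token'];
}

// Check a submitted token. The stored token is discarded whether or not it
// matched, so each issued token is good for at most one submission.
function verify_token(array &$session, $submitted): bool
{
    $expected = $session['form_token'] ?? null;
    unset($session['form_token']);
    return is_string($expected)
        && is_string($submitted)
        && hash_equals($expected, $submitted);   // constant-time comparison
}

// Constructed walk-through of four submissions.
$session = [];
$token   = issue_token($session);
echo '<input type="hidden" name="token" value="',
     htmlspecialchars($token, ENT_QUOTES), '">', "\n";

var_dump(verify_token($session, $token));      // genuine post of the form
var_dump(verify_token($session, $token));      // replay of the same token

issue_token($session);                         // next page view, new token
var_dump(verify_token($session, 'guessed'));   // post built on an outside page

issue_token($session);
var_dump(verify_token($session, ['x']));       // array sent instead of a string
```

The token only proves the post came from a form this session was served; every submitted field still needs its own type and range checks on the server.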
Delete !
Posted May 27, 2008
Re: My Newist Discovery

True but i dont see you posting any of your security anywhere what i was trying to say was This guy was trying to help prevent sql attacks on vulnerable games which is more than anyone can say as i am aware only killah & -Sin- have posted security ...

topmorpg
Posted May 27, 2008
Re: My Newist Discovery

> True but i dont see you posting any of your security anywhere what i was trying to say was This guy was trying to help prevent sql attacks on vulnerable games which is more than anyone can say as i am aware only killah & -Sin- have posted security ...

Then you are obviously not reading. I posted a way for you to learn rather than just copy and paste some code. How do you learn for later use if I just give you everything you need to do?

TJ

Guest Anonymous
Posted May 27, 2008
Re: My Newist Discovery

Well said TJ - Too many cut'n'copy "coders" with few brain cells around.

Protecting against most forms of injection is simple, a couple are rather difficult, and you have to re-analyze your protection mechanism on a periodic basis as the crackers get better. There are plenty of good examples of protection mentioned on this site for the basic forms (IIRC I've covered most). People should be willing to experiment and learn from these examples rather than expecting everything delivered to them on a plate.

Delete !
Posted May 28, 2008
Re: My Newist Discovery

Im Not Going Into Conflict The Point Im Trying To Make Is He Wanted To Help Other People ...

Krafty
Posted July 4, 2008
Re: My Newist Discovery

Ok seriously..you guys think that will protect your site? Woah...step back guys

Has anyone got this on their site? If so, please post in your site URL so I can attempt an inject :D Wont cause any harm though!

-Matt-
Posted July 4, 2008
Re: My Newist Discovery

> Ok seriously..you guys think that will protect your site? Woah...step back guys Has anyone got this on their site? If so, please post in your site URL so I can attempt an inject :D Wont cause any harm though!

Lmao is it just me or do you walk round like you own the joint?

topmorpg
Posted July 9, 2008
Re: My Newist Discovery

> Ok seriously..you guys think that will protect your site? Woah...step back guys Has anyone got this on their site? If so, please post in your site URL so I can attempt an inject :D Wont cause any harm though!

its not all about sql injection there is cross site injections, form injections, form information injections and many others such as hex characters and more.

an upload script for instance. those running illegal copies of my script for instance. the offshore hosting companies that dont like to work with me and a dmca cease and desist order. I just upload a small file via an old exploit and voila. I can delete their db, and site files. This is of course a measure i only take to protect my own scripts. and is not possible in latest encrypted versions to hold license which stops them from mass producing copies round the net. but in the copy that was leaked about 2 years ago.

But be it as it may there are many kinds of exploitation and to be honest if someone wants in bad enough and they have the "FULL" understanding and knowledge they will get in one way or another.

Also for gods sake disable the error reporting unless you're debugging something. nothing better than giving a username to start with then brute force the pass.

TJ

mentaljason
Posted July 9, 2008
Re: My Newist Discovery

[Deleted, too late to mean anything.]