Thread: sql injection

  1. #1
    Join Date
    Oct 2008
    Posts
    2,249

    sql injection

    I had a non-client send me an email about being hacked. Apparently the hacker is using a program/command line and is entering this into the db:

    user=' &[email protected]&pass2=test&submit=
    create%20Account

    Any way he can patch up his Navicat database to stop this?
    Leader of the new anti sig spamming club.

  2. #2
    Join Date
    Aug 2000
    Posts
    2,750
    Are you running modsecurity?

  3. #3
    Join Date
    Jan 2008
    Location
    St. John's, NL
    Posts
    2,114
    Quote Originally Posted by darkeden
    I had a non-client send me an email about being hacked. Apparently the hacker is using a program/command line and is entering this into the db:

    user=' &[email protected]&pass2=test&submit=
    create%20Account

    Any way he can patch up his Navicat database to stop this?
    I'm not sure how that can be considered a SQL injection, as it is not trying to manipulate the database server in any way (that I can tell, anyway).
    Cpanel/WHM PHP Perl Ruby Full Time Support
    LCWSoft - Canada web hosting (based in Newfoundland) since 2007
    Servers based in the US and Canada (Uptime Report)

  4. #4
    Join Date
    Oct 2008
    Posts
    2,249
    Quote Originally Posted by GeekSRV
    Are you running modsecurity?
    He's running the site off a home XP computer on Navicat....

    Forgot to add: he's running WAMP with Apache, and he doesn't know much about how to run a database; someone else set it up for him.
    Last edited by darkeden; 07-08-2009 at 05:28 PM.
    Leader of the new anti sig spamming club.

  5. #5
    Join Date
    Jan 2008
    Location
    St. John's, NL
    Posts
    2,114
    Quote Originally Posted by darkeden
    He's running the site off a home XP computer on Navicat....

    Forgot to add: he's running WAMP with Apache, and he doesn't know much about how to run a database; someone else set it up for him.
    Assuming the data is from a form on his website, the program is simply doing a POST (or GET) and the data it provides is being submitted to the database. If that is so, then he would benefit from setting up a CAPTCHA.
    Cpanel/WHM PHP Perl Ruby Full Time Support
    LCWSoft - Canada web hosting (based in Newfoundland) since 2007
    Servers based in the US and Canada (Uptime Report)

  6. #6
    Join Date
    Oct 2008
    Posts
    2,249
    Quote Originally Posted by larwilliams
    Assuming the data is from a form on his website, the program is simply doing a POST (or GET) and the data it provides is being submitted to the database. If that is so, then he would benefit from setting up a CAPTCHA.
    Well, his site's off WAMP, but he's running a free game server using a Navicat database (he's telling me these things as we go along, as we speak). The database on the Navicat is getting hacked, not the site. Different database. I'm still kind of confused by the whole thing.
    Leader of the new anti sig spamming club.

  7. #7
    Join Date
    Jan 2008
    Location
    St. John's, NL
    Posts
    2,114
    Does he have a page where you can sign up for an account? (I am only assuming this from the content of your original post)

    user=' &[email protected]&pass2=test&submit=
    create%20Account

    Sounds like a script is calling the <form action> of a signup page and posting this in the call to it.
    Cpanel/WHM PHP Perl Ruby Full Time Support
    LCWSoft - Canada web hosting (based in Newfoundland) since 2007
    Servers based in the US and Canada (Uptime Report)
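    The two replies above describe the same thing from different angles: a script is posting the signup form's fields straight to the form action, and a stray quote in the user field is what makes people call it "SQL injection". The following is an added example, not code from the thread or from the game server in question; it uses Python with sqlite3 in place of the WAMP/MySQL stack, a constructed copy of the posted body (the forum redacted the e-mail address, so a placeholder is used), an assumed accounts table, and an assumed username policy. It shows why pasting the field into the SQL text breaks the statement, why a parameterized INSERT stores the value harmlessly, and the server-side checks (field validation and never taking an admin flag from the form) that matter regardless of whether a CAPTCHA is added in front.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Constructed sample: the form body from the thread as a script would POST it.
# The e-mail address is a placeholder; the forum software redacted the real one.
POSTED_BODY = "user=' &email=user%40example.invalid&pass2=test&submit=create%20Account"

# Assumed username policy for this example: letters, digits, underscore, 3-20 chars.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,20}$")


def parse_signup(body):
    """Decode an application/x-www-form-urlencoded body into a flat dict."""
    fields = parse_qs(body, keep_blank_values=True)
    return {k: v[0] for k, v in fields.items()}


def open_db():
    """Assumed schema: an in-memory accounts table with a server-controlled admin flag."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts ("
        "user TEXT NOT NULL UNIQUE, email TEXT, "
        "is_admin INTEGER NOT NULL DEFAULT 0)"
    )
    return conn


def insert_concatenated(conn, fields):
    """The fragile pattern: field values pasted into the SQL text.

    The quote in the user field closes the string literal early, so the
    statement fails to parse. The visible error is what a probing script
    is usually looking for; the data itself never reaches the table.
    """
    sql = "INSERT INTO accounts (user, email) VALUES ('%s', '%s')" % (
        fields["user"], fields["email"])
    try:
        conn.execute(sql)
        return "inserted"
    except sqlite3.OperationalError as exc:
        return "sql error: %s" % exc


def insert_parameterized(conn, fields):
    """The correct pattern: values travel as bound parameters, never as SQL text.

    The quote is stored as an ordinary character, and is_admin keeps its
    default because the form is not allowed to set it.
    """
    conn.execute("INSERT INTO accounts (user, email) VALUES (?, ?)",
                 (fields["user"], fields["email"]))
    return conn.execute("SELECT user, is_admin FROM accounts WHERE user = ?",
                        (fields["user"],)).fetchone()


def validate_signup(fields):
    """Server-side checks a signup handler should run before touching the database.

    Returns a list of problems; an empty list means the request is acceptable.
    """
    problems = []
    user = fields.get("user", "")
    if not USERNAME_RE.match(user):
        problems.append("username does not match policy")
    if "@" not in fields.get("email", ""):
        problems.append("email is not an address")
    # The posted body carries pass2 but no pass: a hand-built request, not the real form.
    if not fields.get("pass") or fields.get("pass") != fields.get("pass2"):
        problems.append("password missing or confirmation mismatch")
    # Privilege must never be a form field; reject any attempt to supply one.
    if "is_admin" in fields or "admin" in fields:
        problems.append("privilege fields are not accepted from clients")
    return problems


if __name__ == "__main__":
    fields = parse_signup(POSTED_BODY)
    print("decoded fields:", fields)
    print("validation:", validate_signup(fields) or "ok")
    print("concatenated SQL:", insert_concatenated(open_db(), fields))
    print("parameterized SQL stored:", insert_parameterized(open_db(), fields))
```

    Run it as a script to see the decoded fields, the validation failures, the syntax error produced by the concatenated statement, and the row the parameterized version stores. In a real handler the validation step runs first and the request above is rejected before any query is built; the parameterized insert is there to show that even an unvalidated quote is harmless once the value is bound rather than concatenated.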

  8. #8
    Join Date
    Oct 2008
    Posts
    2,249
    Quote Originally Posted by larwilliams
    Does he have a page where you can sign up for an account? (I am only assuming this from the content of your original post)

    user=' &[email protected]&pass2=test&submit=
    create%20Account

    Sounds like a script is calling the <form action> of a signup page and posting this in the call to it.
    You sign up on the website from what I see, and then it makes the account in the Navicat database for the actual game. They took the website offline (which was hosted on another computer) and kept the game server up, and the hacker said he's making accounts with admin privileges with an exploit in the database.
    Leader of the new anti sig spamming club.

  9. #9
    Join Date
    Feb 2005
    Location
    Australia
    Posts
    5,842
    Quote Originally Posted by darkeden
    You sign up on the website from what I see, and then it makes the account in the Navicat database for the actual game. They took the website offline (which was hosted on another computer) and kept the game server up, and the hacker said he's making accounts with admin privileges with an exploit in the database.
    What do you mean by "navicat database"? AFAIK Navicat is a GUI for database management, something like a desktop version of phpMyAdmin. So before you can begin to understand how the database might be getting attacked you'd need to know:
    • What and where is the actual database?
    • What is allowed to connect to it?
    • Where is Navicat running, and what's allowed to connect to that?
    • Was the website updating the database? If so, how? (through Navicat?)
    Chris

    "Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter

  10. #10
    Join Date
    Oct 2008
    Posts
    2,249
    Quote Originally Posted by foobic
    What do you mean by "navicat database"? AFAIK Navicat is a GUI for database management, something like a desktop version of phpMyAdmin. So before you can begin to understand how the database might be getting attacked you'd need to know:
    • What and where is the actual database?
    • What is allowed to connect to it?
    • Where is Navicat running, and what's allowed to connect to that?
    • Was the website updating the database? If so, how? (through Navicat?)
    He and I don't know. He didn't set it up; someone else did... The hacker told him that there was a hole in the database and that the hacker is connecting from port 8080 and injecting code. He won't let me connect to his computer remotely, so I don't even think we can solve it.
    Leader of the new anti sig spamming club.
