| List: | General Discussion | « Previous MessageNext Message » | |
| From: | James Coffman | Date: | November 19 2009 5:47pm |
| Subject: | MySQL being hacked with commands through URL | ||
| View as plain text | |||
Hello all,
My website has been hacked using a url such as:
-1%20union%20all%20select%201,2,concat(username,char(58),password),4,5,6%20f
rom%20users-- .
I have been searching on the web for a solution/fix to this issue and I
cannot seem to find one. The command above is showing all usernames and
passwords (in hashes) and I am not comfortable with that at all! Is there
anyone out there that may be able to help or may be able to point me in the
direction that I need to go in order to correct this issue?
| Thread | ||
|---|---|---|
| • MySQL being hacked with commands through URL | James Coffman | 18 Nov |
| • Re: MySQL being hacked with commands through URL | Wm Mussatto | 18 Nov |
| • RE: MySQL being hacked with commands through URL | James Coffman | 18 Nov |
| • Re: MySQL being hacked with commands through URL | Michael Dykman | 18 Nov |
| • RE: MySQL being hacked with commands through URL | James Coffman | 19 Nov |
| • Re: MySQL being hacked with commands through URL | Gary Smith | 18 Nov |
| • Re: MySQL being hacked with commands through URL | Tompkins Neil | 18 Nov |
| • Re: MySQL being hacked with commands through URL | Johan Gant | 18 Nov |
| • Re: MySQL being hacked with commands through URL | Pintér Tibor | 18 Nov |
| • RE: MySQL being hacked with commands through URL | Michael.Coll-Barth | 18 Nov |
| • RE: MySQL being hacked with commands through URL | Michael.Coll-Barth | 18 Nov |
| • Re: MySQL being hacked with commands through URL | Wm Mussatto | 18 Nov |
| • RE: MySQL being hacked with commands through URL | James Coffman | 19 Nov |