List:General Discussion« Previous MessageNext Message »
From:Tompkins Neil Date:November 18 2009 6:00pm
Subject:Re: MySQL being hacked with commands through URL
View as plain text  
Hi

First things first - prevent access apart from root@localhost to the users
table

Neil

On Wed, Nov 18, 2009 at 5:50 PM, Gary Smith <lists@stripped> wrote:

> James Coffman wrote:
>
>> Hello all,
>>
>>                My website has been hacked using a url such as:
>>
>> -1%20union%20all%20select%201,2,concat(username,char(58),password),4,5,6%20f
>> rom%20users-- .
>>
>>
>> I have been searching on the web for a solution/fix to this issue and I
>> cannot seem to find one.  The command above is showing all usernames and
>> passwords (in hashes) and I am not comfortable with that at all!  Is there
>> anyone out there that may be able to help or may be able to point me in
>> the
>> direction that I need to go in order to correct this issue?
>>
>>
>>
>>
> The term you're looking for is SQL injection. Pop that into Google and
> you'll get a shedload of stuff.
>
> Gary
>
> --
> MySQL General Mailing List
> For list archives: http://lists.mysql.com/mysql
> To unsubscribe:
> http://lists.mysql.com/mysql?unsub=1
>
>

Thread
MySQL being hacked with commands through URLJames Coffman18 Nov
  • Re: MySQL being hacked with commands through URLWm Mussatto18 Nov
    • RE: MySQL being hacked with commands through URLJames Coffman18 Nov
      • Re: MySQL being hacked with commands through URLMichael Dykman18 Nov
        • RE: MySQL being hacked with commands through URLJames Coffman19 Nov
  • Re: MySQL being hacked with commands through URLGary Smith18 Nov
    • Re: MySQL being hacked with commands through URLTompkins Neil18 Nov
      • Re: MySQL being hacked with commands through URLJohan Gant18 Nov
  • Re: MySQL being hacked with commands through URLPintér Tibor18 Nov
RE: MySQL being hacked with commands through URLMichael.Coll-Barth18 Nov
RE: MySQL being hacked with commands through URLMichael.Coll-Barth18 Nov
Re: MySQL being hacked with commands through URLWm Mussatto18 Nov
RE: MySQL being hacked with commands through URLJames Coffman19 Nov