| List: | General Discussion | « Previous MessageNext Message » | |
| From: | Pintér Tibor | Date: | November 18 2009 8:50pm |
| Subject: | Re: MySQL being hacked with commands through URL | ||
| View as plain text | |||
James Coffman wrote: > Hello all, > > My website has been hacked using a url such as: > -1%20union%20all%20select%201,2,concat(username,char(58),password),4,5,6%20f > rom%20users-- . > > > > I have been searching on the web for a solution/fix to this issue and I > cannot seem to find one. The command above is showing all usernames and > passwords (in hashes) and I am not comfortable with that at all! Is there > anyone out there that may be able to help or may be able to point me in the > direction that I need to go in order to correct this issue? http://en.wikipedia.org/wiki/SQL_injection its not a mysql issue, but an application issue t
| Thread | ||
|---|---|---|
| • MySQL being hacked with commands through URL | James Coffman | 18 Nov |
| • Re: MySQL being hacked with commands through URL | Wm Mussatto | 18 Nov |
| • RE: MySQL being hacked with commands through URL | James Coffman | 18 Nov |
| • Re: MySQL being hacked with commands through URL | Michael Dykman | 18 Nov |
| • RE: MySQL being hacked with commands through URL | James Coffman | 19 Nov |
| • Re: MySQL being hacked with commands through URL | Gary Smith | 18 Nov |
| • Re: MySQL being hacked with commands through URL | Tompkins Neil | 18 Nov |
| • Re: MySQL being hacked with commands through URL | Johan Gant | 18 Nov |
| • Re: MySQL being hacked with commands through URL | Pintér Tibor | 18 Nov |
| • RE: MySQL being hacked with commands through URL | Michael.Coll-Barth | 18 Nov |
| • RE: MySQL being hacked with commands through URL | Michael.Coll-Barth | 18 Nov |
| • Re: MySQL being hacked with commands through URL | Wm Mussatto | 18 Nov |
| • RE: MySQL being hacked with commands through URL | James Coffman | 19 Nov |