Latest posts for the topic "SQL Injection Exploit"

SQL Injection Exploit

Webmaster — GMT

Please read:

[url]http://beckspaced.com/gb_fix/index.php[/url]

Anonymous — GMT

Here is a very simple quick fix. Just rename the admin.php file to something different

for example

54RtFgvb.php

and then update line 25 in /admin/config.inc.php

Anonymous — GMT

forgot to add, remove all links to the admin. otherwise it will show the new name for the admin file in the link

Jared — GMT

Tired of being hacked?

Guide to the ultimate protection.

1) create new file and name it anything you want .php
2) insert this code (comes straight from proxy2.de site)

[code]
// include this file where you want to limit access.

$username = "test";
$password = "123";

function authenticate() {
Header( "WWW-authenticate: basic realm=\"Protected\"");
Header( "HTTP/1.0 401 Unauthorized");
echo "You must enter a valid login ID and password!\n";
exit;
}

function CheckPwd($user,$pass) {
global $username,$password;
return ($user != $username || $pass != $password) ? false : true;
}

if(!isset($PHP_AUTH_USER)) {
authenticate();
}
elseif(!CheckPwd($PHP_AUTH_USER,$PHP_AUTH_PW)) {
authenticate();
}
?>
[/code]

4)
open up admin.php and on the second line directly after place this

[code]include "/home/httpd/yourhost/yourdomainpath/www/guestbook/password_file.php";[/code]

now, make sure that the password in the authentication file matches YOUR password to the guestbook.

5) rename the admin.php to something other than admin.php
6) update /admin/config.inc.php file to reflect the new name of admin.php file
7) remove any and all links in guestbook to administration area

8)guestbook is completly secured from everyone...except you.

exploit

Anonymous — GMT

i was not able to hack into my own guestbook using the info provided

Jared — GMT

If the authentication user name and password do not match the guestbook admin user name and password, you will never be able to get in.

Make sure both password sets match...otherwise you are right, not even you will get in.