Hello, I write a script and use that on my site, but now one hacker hack my script. Changed by Hacker : 1 - change password 2 - change some section , add some articles 3 - add some text my password is in DB ,sections ,article and text also store in DB. I checked for Injection but I think that is safe for injection. Please help me to safe my script, say me another way for login or change admin password or ... Thanks
I checked log files and see hacker use this command : file.php?id=-1+UNION+SELECT+1,password,3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+admin-- use this injection I think , anyone can help me to find a way hacker hack my site ?
Is there any ways to login if you have username and MD5 password ? login form md5 password, and hacker get md5's password and username from db .
If you have access to the DB, so use some other MD5 tool to create a new password, then change the exist password in DB with the new one and you can log in to your account. If other MD5 tool can not help you, set up the script again somewhere (in another directory) then create new account. Log into DB, copy that encrypted password to the old DB and now you can log in.
You must know the data for the Mysql conection as: User name; password, server address; then you can with that a script to see on the data inside you database. Paul Weinstock http://theworld3rd.com/forum
they have just found a sql injection within your script, just use mysql_real_escape_string and that will solve your problem !