Hello Friends,

My website is infected with SQL injection, and I have tried to create a clean MS SQL database using directions from the internet. However, what is NOT available is a step by step: a document that outlines each step involved to clean and correct any XSS or SQL injection issues. I am hoping some members on this site can or will be able to convey clear directions to help with the cleaning up of a database and protecting a website from SQL injection.

vBulletin Input Cleaner

I have found information about vBulletin Input Cleaner and added the xml file to the forum: product-testeditor.xml --- however, what do I do with the other - testeditor.php

vBulletin Input Cleaner

I have added an xml file to the forum, "testeditor", and it is listed in the plugins of the forum - Test vbEditor -

I have read posts about the subject, and code is offered ---- however, how is the code used? For example, no step by step is offered. Example: (Do I have to) ENTER my hosting CPANEL, access phpMyAdmin... unclear on the rest.

Upon further understanding, "my god" .... I will make this simple...

http://forums.digitalpoint.com/showthread.php?t=895509

I do understand how huge this subject is. Shit - if I understand what is involved, I will be the first to detail a step by step for the audience that needs it. Currently the information all over the net that I have found and read is documented for "HACKER".

THE FIRST PERSON THAT CAN CONVEY AN ARTICULATE STEP BY STEP will get the most traffic.
hey.. i guess the following steps should solve ur problem:
$_var=mysql_real_escape_string($_POST['_variable']);
this should keep u safe from any new injections that might be targeted to ur site.
When you insert something into the database - you have to cleanse it first. In the case of a form being posted ... you should say:
$x = mysql_real_escape_string($_POST['var']);
And then you would insert $x instead of $_POST['var'].
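Added example, not part of any post in this thread: the cleansing step described above lives in the server-side PHP script that receives the form and builds the query. It contrasts a query built by pasting the form value into the SQL text with one that passes it as a bound parameter through PDO, which is a different technique from the mysql_real_escape_string() call in the posts (that function was removed in PHP 7.0). Assumptions: the members table, its rows and the posted value are constructed, and an in-memory SQLite database stands in for the real one so the script runs without a server.

```php
<?php
// Added example: the table, rows and form input are constructed for illustration.
// Requires the pdo_sqlite extension. The same prepare()/execute() calls work
// on a PDO connection to MySQL.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$db->exec("INSERT INTO members (name, email) VALUES ('alice', 'alice@example.test')");
$db->exec("INSERT INTO members (name, email) VALUES ('bob', 'bob@example.test')");

// Stand-in for $_POST['var']: text a hostile visitor could type into a form field.
$posted = "nobody' OR '1'='1";

// BEFORE: the form value is pasted into the SQL text, so the quote characters
// in it end the string literal and the rest is read as part of the query.
function find_unsafe(PDO $db, string $name): array
{
    $sql = "SELECT name, email FROM members WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// AFTER: the SQL text is fixed and contains only a placeholder. The form value
// is sent separately and is only ever compared as data, never parsed as SQL.
function find_safe(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name, email FROM members WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The unsafe query matches every row; the bound query matches none, because
// no member is literally named "nobody' OR '1'='1".
printf("unsafe query returned %d row(s)\n", count(find_unsafe($db, $posted)));
printf("bound query returned %d row(s)\n", count(find_safe($db, $posted)));
printf("bound query for 'alice' returned %d row(s)\n", count(find_safe($db, 'alice')));
```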
If you are displaying data from a database rather than inputting data, you should make the database user have permissions of only SELECT. Don't give the user All privileges.
Thanks for your feedback, gauravajitsaria, Wrighty, Romocop; however, I am NO further than I was. I do not need any more suggestions for code, but thanks so far.

"I am trying to understand how to use the code, how to apply it"

MAYBE ... I did not say, I am not a programmer. I am a NEW computer user of web sites. My problem is with many web sites that have Wordpress and vBulletin. My concern is with hackers that have accessed my site and have used SQL to hijack databases from the site(s).

Can someone start by suggesting where to enter the code?

Question:
Do I enter the code within an HTML page? If so, where?
Do I enter the code within the software, vBulletin, Wordpress? If so, where?
Do I enter the code within Cpanel, like phpmysql? If so, where or how?

GREAT SUGGESTION, and if I understand how to use it, it may be better?
$x = mysql_real_escape_string($_POST['var']);
And then you would insert $x instead of $_POST['var'];
or
$_var=mysql_real_escape_string($_POST['_variable']);
Sincere thanks for your reply. Sorry if this question does not sound right. But can I run any code with phpMyAdmin to check if my databases have malicious code SQL injections? I thought that is what the "Gent" were talking about here. Example (maybe as you know): cPanel, phpMyAdmin, search for ?????????? (within the 150each databases), or Search and Replace?
Most injections are used to bypass checks. So long as you run the latest versions of wp or whatever, you'll be fine.