eMoneySpace
Possible attempt of hacking!
Author Topic: Possible attempt of hacking!  (Read 1876 times)
elser (Reputation: 0, Posts: 65, Referrals: 0)
Oct 19, 2009 01:13 am

This morning, someone somehow introduced dozens of banners into the script and also added millions of impressions to them. The weird part is they did not have any username attached, so they were introduced from outside. BTW, the links of the banners were:

http://www.libertyreserve.com/?ref=U9035749  (belongs to Shiful Mamun)
http://www.inovabux.com/register.php/noone.html
http://www.upbux.com/r?r=noone

Sorry for the ref links, I just want to discover who this guy is.

Can anyone tell me how he did it? Script bug or MySQL injection?
« Last Edit: Oct 19, 2009 01:22 am by elser »

roshan (Reputation: 0, Posts: 8, Referrals: 0)
Reply #1: Oct 19, 2009 01:56 am

noone
masud.che@gmail.com

some ip from rec
207.211.82.34
64.255.180.45
administer (Reputation: +4, Posts: 887, Referrals: 0)
H.O.D - Evilology
Reply #2: Oct 19, 2009 08:02 pm

Do you have this code in MySQL? REAL_ESCAPE_STRING
Code:

<?php
// NOTE: you must be connected to the database to use this function!
// connect to MySQL (placeholder credentials; substitute the script's own)
mysql_connect('localhost', 'db_user', 'db_password');

// a quote-breaking value, escaped before it is placed inside the quoted literal
$name_bad = "' OR 1'";
$name_bad = mysql_real_escape_string($name_bad);
$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";
echo "Escaped Bad Injection: <br />" . $query_bad . "<br />";

// a value that tries to close the statement and start a second one
$name_evil = "'; DELETE FROM customers WHERE 1 or username = '";
$name_evil = mysql_real_escape_string($name_evil);
$query_evil = "SELECT * FROM customers WHERE username = '$name_evil'";
echo "Escaped Evil Injection: <br />" . $query_evil;
?>
« Last Edit: Oct 19, 2009 08:14 pm by administer »
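As an added example that is not part of the thread or of the bux script it discusses: the username lookup administer's post escapes, written three ways (plain concatenation, quote escaping in the spirit of mysql_real_escape_string, and a bound parameter) and run against an in-memory SQLite table. The table name `customers` is the post's; the rows and the `' OR 1 OR '` payload are constructed, the payload being a variant of the post's `' OR 1'` reshaped so the concatenated text still parses.

```python
"""Added example (not the forum's or the bux script's code): the same username
lookup written three ways, run on an in-memory SQLite table of constructed rows."""
import sqlite3

SAMPLE_ROWS = [("alice",), ("bob",), ("admin",)]  # constructed sample data

# Constructed variant of the post's "' OR 1'" payload, shaped so the concatenated
# text still parses: the WHERE clause becomes  username = '' OR 1 OR ''
TAUTOLOGY = "' OR 1 OR '"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (username TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?)", SAMPLE_ROWS)
    return conn


def lookup_concat(conn, username):
    """Vulnerable: input pasted into the SQL text, so a quote in it ends the
    literal and whatever follows is parsed as SQL."""
    sql = "SELECT username FROM customers WHERE username = '%s'" % username
    return [row[0] for row in conn.execute(sql)]


def escape_quotes(value):
    """The approach administer's post shows (SQLite doubles the quote where
    MySQL backslash-escapes it). It only helps where the SQL wraps the value
    in quotes; an unquoted numeric slot gets no protection from it."""
    return value.replace("'", "''")


def lookup_escaped(conn, username):
    sql = "SELECT username FROM customers WHERE username = '%s'" % escape_quotes(username)
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, username):
    """Preferred fix: the value travels separately from the SQL text, so no
    quoting in the input can change the query's structure."""
    sql = "SELECT username FROM customers WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def compare(username=TAUTOLOGY):
    """Rows each style returns for the same input."""
    conn = make_db()
    return {"concat": lookup_concat(conn, username),
            "escaped": lookup_escaped(conn, username),
            "param": lookup_param(conn, username)}
```

With the tautology, the concatenated query returns every row while the escaped and parameterised forms return none, because the input is then compared as a literal username rather than parsed as SQL.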
tixepower (Reputation: +15, Posts: 5225, Referrals: 6)
Cry me a river girl.. ;'(
Reply #3: Oct 20, 2009 03:42 am

Do you have a password-protected admin folder? ;<

jjohnson777 (Reputation: +29, Posts: 11972, Referrals: 8)
Reply #4: Oct 21, 2009 04:29 pm

Your site is tacky with those 4-6 banners; I would never join due to it. Unless you're making a lot from them, I would see if things improve without all those banners on your site.

And why would you password protect the admin dir?

elser (Reputation: 0, Posts: 65, Referrals: 0)
Reply #5: Oct 22, 2009 01:50 am

Quote from: administer, Reply #2:
Do you have this code in MySQL? REAL_ESCAPE_STRING
Code:

<?php
// NOTE: you must be connected to the database to use this function!
// connect to MySQL (placeholder credentials; substitute the script's own)
mysql_connect('localhost', 'db_user', 'db_password');

// a quote-breaking value, escaped before it is placed inside the quoted literal
$name_bad = "' OR 1'";
$name_bad = mysql_real_escape_string($name_bad);
$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";
echo "Escaped Bad Injection: <br />" . $query_bad . "<br />";

// a value that tries to close the statement and start a second one
$name_evil = "'; DELETE FROM customers WHERE 1 or username = '";
$name_evil = mysql_real_escape_string($name_evil);
$query_evil = "SELECT * FROM customers WHERE username = '$name_evil'";
echo "Escaped Evil Injection: <br />" . $query_evil;
?>

Where do I look for that?

elser (Reputation: 0, Posts: 65, Referrals: 0)
Reply #6: Oct 22, 2009 01:54 am

Quote from: jjohnson777, Reply #4:
Your site is tacky with those 4-6 banners; I would never join due to it. Unless you're making a lot from them, I would see if things improve without all those banners on your site.

And why would you password protect the admin dir?

Nobody is forcing you to join. And yeah, I have plenty of banners and I'm aware it looks unprofessional; it helps me to get some income, since I have very few sales. I'm not rich like you.

maderitescripts (Reputation: +22, Posts: 1589, Referrals: 4)
NO Lounging
Reply #7: Oct 22, 2009 02:07 am

Quote from: jjohnson777, Reply #4:
Your site is tacky with those 4-6 banners; I would never join due to it. Unless you're making a lot from them, I would see if things improve without all those banners on your site.

And why would you password protect the admin dir?

Hmmm, I remember when someone else used to pack all them banners on there like that. ROFL, pot and kettle, bro, pot and kettle.

Not sure what administer meant with that post; sort of lost on that myself.

War is an ugly thing, but not the ugliest of things. The decayed and degraded state of moral and patriotic feeling which thinks that nothing is worth war is much worse. The person who has nothing for which he is willing to fight, nothing which is more important than his own personal safety, is a miserable creature and has no chance of being free unless made and kept so by the exertions of better men than himself.  (John Stuart Mill)
MUSHY (Reputation: +18, Posts: 1003, Referrals: 20)
Had an aneurysm guys, never a scammer
Reply #8: Oct 22, 2009 05:59 am

Other usernames: smopel - email smopel@hotmail.com, and is from Bangladesh. Do you want address and phone number too? But really, no answers to how he did it - MySQL perhaps?
Delusional (Reputation: +2, Posts: 4713, Referrals: 6)
GPSBlack Creator
Reply #9: Oct 22, 2009 08:28 am

Quote from: elser, Reply #5:
Where do I look for that?

He doesn't know what he is talking about.

You need to sanitize all forms.

maderitescripts (Reputation: +22, Posts: 1589, Referrals: 4)
NO Lounging
Reply #10: Oct 22, 2009 04:02 pm

It was just a simple admin hack actually; if you leave the username "admin", they're gonna get in.
Copyright © 2008-2023 eMoneySpace. All rights reserved.