Raven's Hack Alert Script

Posted on Tuesday, April 27, 2004 @ 11:13:57 UTC in My Scripts and/or Mods
by Raven

There is a MySQL trick that can be used to 'mask' the UNION attack. MySQL and a few other RDBMSs allow a comment /* */ to be placed in the query as a hint to MySQL to override its determined course. This is being exploited by some kiddies out there. Read about the modification to the mainfile.php code that I'm testing, and I welcome your tests too.

UPDATE 4/28/2004: The hackalert download file now includes this fix. There is no need to redownload if you have already applied the fix in the post mentioned above. Thanks to those who tested this!
Associated Topics

Security
 
 

Re: Raven's Hack Alert Script (Score: 1)
by ballymuntrev (abuse@microsoft.com) on Friday, April 30, 2004 @ 12:28:13 UTC
  
(User Info | Send a Message) http://mydublin.org

Hey Raven, is it possible to update your script to protect against the following hack, which seems to be doing the rounds :( http://yoursite/admin.php?op=AddAuthor&add_aid=waraxe2&add_name=God&add_pwd=coolpass&add_email=foo bar com&add_radminsuper=1&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox

Re: Raven's Hack Alert Script (Score: 1)
by ballymuntrev (abuse@microsoft.com) on Friday, April 30, 2004 @ 12:28:34 UTC
(User Info | Send a Message) http://mydublin.org

Ps, Thanks, sorry posted too fast :)


Re: Raven's Hack Alert Script (Score: 1)
by Raven on Friday, April 30, 2004 @ 12:31:16 UTC
(User Info | Send a Message)

This is the admin hack that Chatserv fixed a while back. Just add these lines to your admin.php file

// Any request whose query string mentions the AddAuthor or UpdateAuthor ops
// is redirected to hackattempt.php instead of being processed by admin.php.
if (stristr($_SERVER["QUERY_STRING"], 'AddAuthor') || stristr($_SERVER["QUERY_STRING"], 'UpdateAuthor')) {
    $loc = $_SERVER['QUERY_STRING'];
    header("Location: hackattempt.php?$loc");
    die();
}
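The two checks discussed in this thread, combined into one added example (this is not Raven's hackalert or mainfile.php code and not from the page): the main post's point that a UNION SELECT can be hidden behind MySQL /* */ comments, so the query string is normalised before matching, and the admin.php AddAuthor/UpdateAuthor check from the reply above. The function names, the reason strings and the `reason`/`q` parameters passed to hackattempt.php are assumptions; the sample query strings are constructed.

```php
<?php
// Added example, not Raven's hackalert code. Function names, reason strings
// and the hackattempt.php parameters are assumptions for illustration.

// Rewrite a raw query string the way MySQL would effectively see it:
// URL-decode (twice, to catch double encoding), keep the body of /*! ... */
// version-hint comments (MySQL executes that text), drop every other
// /* ... */ block, including an unterminated one, and collapse whitespace.
function hackalert_normalize(string $raw): string
{
    $s = $raw;
    for ($i = 0; $i < 2; $i++) {          // urldecode also turns '+' into a space
        $decoded = urldecode($s);
        if ($decoded === $s) {
            break;
        }
        $s = $decoded;
    }
    // /*!40000 text */ -> " text "  (hint comment: its contents are live SQL)
    $s = preg_replace('~/\*!\d*(.*?)\*/~s', ' $1 ', $s);
    // /* anything */, or /* running to the end of the string -> single space
    $s = preg_replace('~/\*.*?(?:\*/|$)~s', ' ', $s);
    $s = preg_replace('~\s+~', ' ', $s);
    return strtolower(trim($s));
}

// Return a short reason when the query string looks hostile, null otherwise.
function hackalert_check(string $queryString): ?string
{
    $norm = hackalert_normalize($queryString);
    if (preg_match('~\bunion\s+(?:all\s+)?select\b~', $norm)) {
        return 'union-select';
    }
    // The ops from Raven's admin.php snippet: any query string carrying them
    // is treated as a hack attempt, exactly as that snippet does.
    if (preg_match('~\bop=(?:add|update)author\b~', $norm)) {
        return 'admin-author-op';
    }
    return null;
}

// Drop-in for the top of admin.php / mainfile.php: hand suspicious requests
// to hackattempt.php, as Raven's snippet does, and stop processing.
function hackalert_guard(): void
{
    $qs = $_SERVER['QUERY_STRING'] ?? '';
    $reason = hackalert_check($qs);
    if ($reason !== null) {
        header('Location: hackattempt.php?' . http_build_query(['reason' => $reason, 'q' => $qs]));
        exit;
    }
}

// Constructed sample query strings for a quick CLI run (php thisfile.php).
if (PHP_SAPI === 'cli') {
    $samples = [
        'name=Search&query=trade+union+meeting',                  // benign: no SELECT
        'sid=1+union+select+1,2,3',                               // plain UNION
        'sid=1/**/UNION/*!SELECT*/1,2,3',                         // comment-masked
        'sid=1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F1', // URL-encoded comments
        "sid=1'+union+select+1/*",                                // unterminated comment
        'op=AddAuthor&add_aid=x&add_radminsuper=1',               // admin.php op in GET
    ];
    foreach ($samples as $q) {
        printf("%-60s => %s\n", $q, hackalert_check($q) ?? 'clean');
    }
}
```

Run from the command line, the first sample comes back clean and the other five are flagged. Two design points: the `/*! ... */` body is kept rather than stripped because MySQL runs that text, so stripping it would make the check blind to exactly the masking the post describes; and the word match on `union ... select` will fire on any query string that happens to contain both words in that order, which is the same trade-off the original stristr() check makes for `AddAuthor`. MySQL's `-- ` and `#` line comments would need the same strip-then-match treatment if they can reach the database from a query string.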


Re: Raven's Hack Alert Script (Score: 1)
by ballymuntrev (abuse@microsoft.com) on Friday, April 30, 2004 @ 12:36:14 UTC
(User Info | Send a Message) http://mydublin.org

Thank you my friend :)

