James Coffman wrote:
Hello all,
My website has been hacked using a url such as:
-1%20union%20all%20select%201,2,concat(username,char(58),password),4,5,6%20f
rom%20users-- .
I have been searching on the web for a solution/fix to this issue and I
cannot seem to find one. The command above is showing all usernames and
passwords (in hashes) and I am not comfortable with that at all! Is there
anyone out there that may be able to help or may be able to point me in the
direction that I need to go in order to correct this issue?
The term you're looking for is SQL injection. Pop that into Google and
you'll get a shedload of stuff.
Gary
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=arch...@jab.org
