Hi First things first - prevent access apart from r...@localhost to the users table
Neil On Wed, Nov 18, 2009 at 5:50 PM, Gary Smith <li...@l33t-d00d.co.uk> wrote: > James Coffman wrote: > >> Hello all, >> >> My website has been hacked using a url such as: >> >> -1%20union%20all%20select%201,2,concat(username,char(58),password),4,5,6%20f >> rom%20users-- . >> >> >> I have been searching on the web for a solution/fix to this issue and I >> cannot seem to find one. The command above is showing all usernames and >> passwords (in hashes) and I am not comfortable with that at all! Is there >> anyone out there that may be able to help or may be able to point me in >> the >> direction that I need to go in order to correct this issue? >> >> >> >> > The term you're looking for is SQL injection. Pop that into Google and > you'll get a shedload of stuff. > > Gary > > -- > MySQL General Mailing List > For list archives: http://lists.mysql.com/mysql > To unsubscribe: > http://lists.mysql.com/mysql?unsub=neil.tompk...@googlemail.com > >
