Not sure exactly what you mean by 'setting date/time right'. Mind
clarifying a little?
-Original Message-
From: Pintér Tibor [mailto:tib...@tibyke.hu]
Sent: Thursday, November 19, 2009 9:10 AM
To: James Coffman
Subject: Re: MySQL being hacked with commands through URL
Jam
Coffman
Cc: mysql@lists.mysql.com
Subject: Re: MySQL being hacked with commands through URL
The bits in your date_format call are confusing your sprintf call
"date_format(updated, '%W, %M %D, %Y %r' )"
elseif ($pageID == "ss" && $item != "mostCurrent")
27;",
> mysql_real_escape_string($item));
> mysql_query($newsSql);
> }
>
> I cannot seem to get the problem narrowed down with this though. As you see
> I am trying to implement the "mysql_real_escape_string" but I am unfamiliar
> with how to int
e out there
that may have some insight to this problem?
-Original Message-
From: Wm Mussatto [mailto:mussa...@csz.com]
Sent: Wednesday, November 18, 2009 11:55 AM
To: mysql@lists.mysql.com
Subject: Re: MySQL being hacked with commands through URL
On Thu, November 19, 2009 09:47, Jame
James Coffman wrote:
Hello all,
My website has been hacked using a url such as:
-1%20union%20all%20select%201,2,concat(username,char(58),password),4,5,6%20f
rom%20users-- .
I have been searching on the web for a solution/fix to this issue and I
cannot seem to find one. The
On Thu, November 19, 2009 09:47, James Coffman wrote:
> Hello all,
>
> My website has been hacked using a url such as:
> -1%20union%20all%20select%201,2,concat(username,char(58),password),4,5,6%20f
> rom%20users-- .
>
> I have been searching on the web for a solution/fix to this issue
With respect, denying all access to 'users' for anything except
r...@localhost sounds like trying to cure dandruff by decapitation.
Firstly your web app shouldn't be using root to access your data
tables and secondly there's every chance his web server is separate
from his db server. You should hav
Hi
First things first - prevent access apart from r...@localhost to the users
table
Neil
On Wed, Nov 18, 2009 at 5:50 PM, Gary Smith wrote:
> James Coffman wrote:
>
>> Hello all,
>>
>>My website has been hacked using a url such as:
>>
>> -1%20union%20all%20select%201,2,concat(u
> From: James Coffman [mailto:webmas...@cadc.com]
> Hello all,
>
> My website has been hacked using a url such as:
> -1%20union%20all%20select%201,2,concat(username,char(58),passw
> ord),4,5,6%20f
> rom%20users-- .
Without more information, it sounds like simple SQL insertion
On Thu, November 19, 2009 09:47, James Coffman wrote:
> Hello all,
>
> My website has been hacked using a url such as:
> -1%20union%20all%20select%201,2,concat(username,char(58),password),4,5,6%20f
> rom%20users-- .
>
> I have been searching on the web for a solution/fix to this iss