SQL injection


Post by pinguin123 on Fri Nov 26, 2010 3:29 pm

Hi,

I made this portal more secure.

Can anyone try to log in with SQL injection - I want to know if my work was good.

[Link Removed] -- Goatboy

greets, Markus


Re: SQL injection

Post by Goatboy on Fri Nov 26, 2010 8:07 pm

Before we can test it, you need to prove that it is in fact your website. Post an HTML comment on the page saying "HackThisSite" and then link us to that page.
Assume that everything I say is or could be a lie.


Re: SQL injection

Post by pinguin123 on Sat Nov 27, 2010 12:52 am

Ok, I added a GET-Parameter for proofing - I can't add it to the source because hundreds of people view this site daily.

But try this - http://heliothermsupport.com/Login.aspx ... fault.aspx


Re: SQL injection

Post by msbachman on Sat Nov 27, 2010 1:00 am

pinguin123 wrote: Ok, I added a GET-Parameter for proofing


That's still done on the client.

Goatboy's asking for some proof that it's your site. It is, right? If so it shouldn't be too hard to provide proof of it. Doesn't even need to be HTS stuff. Put up a comment with your username maybe.

It won't be viewable to the public; I'd be shocked if you were contacted in doing so by some concerned citizen. :lol:


Re: SQL injection

Post by pinguin123 on Sat Nov 27, 2010 1:02 am

Ok, but I added the GET parameter - it will show it in the title tag.

Ok, I will add an HTML comment now - for 1 hour - is it enough?


Re: SQL injection

Post by Goatboy on Sat Nov 27, 2010 2:45 am

The smart thing would have been to leave it up until someone came by to confirm it. Just add a comment saying "GBIAFB" and wait until we say it's okay. I figure a random string of characters won't cause much alarm if anyone does see it.


Re: SQL injection

Post by centip3de on Mon Dec 06, 2010 7:54 pm

Goatboy wrote: The smart thing would have been to leave it up until someone came by to confirm it. Just add a comment saying "GBIAFB" and wait until we say it's okay. I figure a random string of characters won't cause much alarm if anyone does see it.

I highly doubt that is a random string of characters.... I think it means:

"Goat Boy Is A Fucking Beast"

Please excuse my French.


Re: SQL injection

Post by Monica on Mon Dec 06, 2010 8:01 pm

...Necroing a thread makes me very upset.


Re: SQL injection

Post by sanddbox on Mon Dec 06, 2010 8:58 pm

And yet you don't lock it? Locked.


Re: SQL injection

Post by Goatboy on Tue Dec 07, 2010 4:42 am

sanddbox wrote: And yet you don't lock it? Locked.

And you didn't move it to the Graveyard. Fail. Also, 10 days is hardly a necro. And yes, GBIAFB is what you think it is.