ExtremeGaming Posted May 27, 2013 Posted May 27, 2013 Well there is no real way to know unless we'd see what's on your site to begin with. And I'm sure you won't divulge that information.
Guest orb123 Posted May 27, 2013 Posted May 27, 2013 Finally, progress! I noticied that loads of blank rows are being inserted into the chat table after a user posts a message, this is currently still happening. So if I post hi it will send and the post a couple of blank rows into the table which don't appear to show on the Chatroom. On that note, the attacker came on my site today (I wasn't on at the time) and was causing fights on the site and was also talking about talking about hacking another website. I tried to figure out the problem by looking at the table. The post before the blanks were inserted was normal, I'm not sure if he was able to somehow insert blank messages into the DB and also make it continue happening..
Krydos Posted May 28, 2013 Posted May 28, 2013 Sounds like SQL injection to me. Are you properly escaping all of the input? This guy also sounds like a pretty terrible friend. It's good to know about vulnerabilities and how to fix them but if he just wants to screw with you and not actually help it sounds like you need better friends. Just my opinion.
Guest orb123 Posted May 28, 2013 Posted May 28, 2013 Hi Krydos, I believe I am escaping the input correctly ( I use mysql_real_escape_string ) I too believe he is trying to screw with me, he also hacks a lot of websites. I attempted to clear the table to fix the problem, but blank rows are still being inserted. How can I fix this?
Sove Posted May 28, 2013 Posted May 28, 2013 You really think we can solve your problem without knowing what is on your site?
Guest orb123 Posted May 28, 2013 Posted May 28, 2013 Chat, Forums, Shop, (Uses points not real money). And PMs. That's all so far, I believe he injected into the chat table.
Recommended Posts