MySQL being hacked with commands through URL

2009-11-18 Thread James Coffman
Hello all, My website has been hacked using a url such as: -1%20union%20all%20select%201,2,concat(username,char(58),password),4,5,6%20from%20users-- . I have been searching on the web for a solution/fix to this issue and I cannot seem to find one. The command above is showing

RE: MySQL being hacked with commands through URL

2009-11-18 Thread James Coffman
e out there that may have some insight to this problem? -Original Message- From: Wm Mussatto [mailto:mussa...@csz.com] Sent: Wednesday, November 18, 2009 11:55 AM To: mysql@lists.mysql.com Subject: Re: MySQL being hacked with commands through URL On Thu, November 19, 2009 09:47, Jame

RE: MySQL being hacked with commands through URL

2009-11-19 Thread James Coffman
und it: $sid = mysql_real_escape_string($item); $newsSql = "SELECT date_format(updated, '%W, %M %D, %Y %r' ) as byline, successId, title, story, picpath, staffID FROM success WHERE successId='$sid'"; $rs = mysql_query($newsSql); ... On Thu, Nov 19, 2009 at 4:33 PM,

RE: MySQL being hacked with commands through URL

2009-11-19 Thread James Coffman
Not sure exactly what you mean by 'setting date/time right'. Mind clarifying a little? -Original Message- From: Pintér Tibor [mailto:tib...@tibyke.hu] Sent: Thursday, November 19, 2009 9:10 AM To: James Coffman Subject: Re: MySQL being hacked with commands through URL Jam