MySQL is an open-source relational database management system.
2
votes
3answers
126 views
A customers site had a big mysql injection attack on it, just want to learn from it
I created an online store for a friend of mine.
I created a system that shoots me an email any time there is a database error, that way if it is a bug in my code I can identify it and fix it. The ...
6
votes
3answers
356 views
Is there any SQL injection for this PHP login example?
I want to write a login form, and I got one example from the web.
I want to know, if there is any SQL injection for this code? If there is, what could the exploit's web form entry look like?
This is ...
-2
votes
0answers
52 views
SQL injection to a mysql database doesnt work [closed]
I am trying to execute the following query into a post query:
searchType=defaultSearch&name=&country="; //SQL INJECTION HERE ...
6
votes
2answers
253 views
SQL Injection: Drop All Tables
I used some vulnerability scanners to check a site of mine, and an instance of blind SQL injection was returned. However, when I try to exploit this vulnerability by entering the following into the ...
0
votes
1answer
68 views
XSS MySQL Database Accessible?
I'd like to know if there is any danger of someone being able to access the database via XSS vulnerabilities on this page.
I have the following link. When you go to this link, the text I've enclosed ...
2
votes
3answers
110 views
MySQL database access prevention
I am doing a PHP website for a client who deals with third party financial information, and he is concerned about the developmers (me) having access to all the information, which is obviously a valid ...
1
vote
1answer
84 views
Is it secure to use a custom written Php extension for handling + hashing (db) keys?
I'm designing the security of a new application and try to figure out what the best way is to store the keys of the mysql AES encryption in the file system. I've seen several options like store it ...
2
votes
2answers
113 views
MySQL Access Control?
I have read somewhere that it is better to have two different MySQL logins in order to prevent hacking. What I mean is having one MySQL login for read access (SELECT permission) and another login for ...
-2
votes
1answer
369 views
Admin area in my php website is vulnerable to sql injection without login [closed]
my website admin area is vulnerable to sql injection . I tried using havji and it hacked successfully to database. But how is this possible. without login it breaked into admin panel.
...
1
vote
3answers
112 views
Is there such a thing as MySQL connection flooding?
I'm a developer for a small website. There are 3 webservers (for load balancing) and a MySQL server.
Today the webservers seem to be down, and, unfortunately, I cannot get hold of the admin (he's in ...
2
votes
1answer
54 views
Can we reverse engineer binlog with row format to make MySQL AES_ENCRYPT visible?
Suppose if I am using the mysql database based encryption using AES_ENCRYPT function & insert records, is it possible to decode the row formatted binlogs generated by MySQL to obtain the actual ...
0
votes
1answer
121 views
Facebook data visibility to admin staff
I recently had a conversation with a friend in which I told him that everything written on Facebook can be seen by the Facebook admin staff. As a software engineer and database administrator I know ...
5
votes
1answer
253 views
My site just got hit with a SQL injection attack, how can I tell what they were doing?
So a page on my site (it's a PHP page that displays newsletter articles) was vulnerable to SQL injection and got hit. I discovered it because it was doing enough database queries to cause the CPU load ...
2
votes
1answer
187 views
SQL injecting a search form which uses boolean mode
I'm testing a web app and I could get Mysql errors by inserting ' in the search field:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the ...
4
votes
2answers
95 views
Security implications of storing email attachments on Centos Server
There is an application I am working on which requires processing the incoming mails to [email protected].
The company.com mail accounts are being run via Google Apps for Business.
So I fetch the ...
