Website Construction

People being able to use SQL injectors on my website and pulling passwords [HELP]

Submitted by url, , Thread ID: 173218

Thread Closed
27-05-2020, 02:10 PM
This post was last modified: 27-05-2020, 02:12 PM by url
#1
So some of you know, I own gmodfodder and it's been a WIP for a few months now.
I'm not stressing right now because we have like 50 users but i really need to get rid of this issue.
I use MD5 but i guess i'm unsure on how to safely use it?? I thought MD5 was good to use..

I really need help with this.

I HAD a developer helping me with a lot of this but he disappeared so now I'm stuck trying to figure MD5 out with almost no education on how it works.
home of the url

RE: People being able to use SQL injectors on my website and pulling passwords [HELP]

#2
What language are you using to handle registrations? If it is SQL injection, it will be hard to identify the cause without seeing the code

RE: People being able to use SQL injectors on my website and pulling passwords [HELP]

#3
You could use sha256 and a salt, md5 is really really weak and has alot of cracks out

RE: People being able to use SQL injectors on my website and pulling passwords [HELP]

This post was last modified: 22-07-2021, 12:53 PM by Nova
#4
The securest solution would be to use bcrypt afaik. If you want to, I can help you implement bcrypt and find the sql injection.
---- ._. ----

RE: People being able to use SQL injectors on my website and pulling passwords [HELP]

#5
How are you getting the SQL injection? (Or, I should say, what language does your server run on?)
If it's PHP (and a version lower than 5), you should probably look into using prepared statements (which effectively makes SQL injection impossible) or mysqli_real_escape_string (which makes SQL injection harder).

MD5 is not safe. It's an old hashing method, and you really should look into using bcrypt or at the very least SHA256. Let me know if you need any more information and I'll be happy to help.
Quote:Of course, being an F2P Genshin player means it will take until the heat death of the universe for me to get even one 5-star character from Mihoyo. But a man can dream...

RE: People being able to use SQL injectors on my website and pulling passwords [HELP]

#6
What languange? What framework? please provide details..

RE: People being able to use SQL injectors on my website and pulling passwords [HELP]

#7
? ? ?

RE: People being able to use SQL injectors on my website and pulling passwords [HELP]

#8
vorrei saperne di piu su sql

RE: People being able to use SQL injectors on my website and pulling passwords [HELP]

#9
thats bad case. I am habing the same issue. hope where will be a slolution.

Users browsing this thread: 2 Guest(s)