Website Construction

People being able to use SQL injectors on my website and pulling passwords [HELP]

Submitted by url, , Thread ID: 173218

Thread Closed
User Icon
Senior Member
Level:
3
Reputation:
59
Posts:
577
Likes:
122
Credits:
10
27-05-2020, 02:10 PM
This post was last modified: 27-05-2020, 02:12 PM by url
#1
So some of you know, I own gmodfodder and it's been a WIP for a few months now.
I'm not stressing right now because we have like 50 users but i really need to get rid of this issue.
I use MD5 but i guess i'm unsure on how to safely use it?? I thought MD5 was good to use..

I really need help with this.

I HAD a developer helping me with a lot of this but he disappeared so now I'm stuck trying to figure MD5 out with almost no education on how it works.
home of the url

RE: People being able to use SQL injectors on my website and pulling passwords [HELP]

Woolo12
Newbie
Level:
0
Reputation:
0
Posts:
17
Likes:
0
Credits:
2
22-06-2020, 09:20 PM
#2
What language are you using to handle registrations? If it is SQL injection, it will be hard to identify the cause without seeing the code

RE: People being able to use SQL injectors on my website and pulling passwords [HELP]

Lazarus
Novice
Level:
0
Reputation:
0
Posts:
34
Likes:
2
Credits:
0
12-07-2020, 07:45 PM
#3
You could use sha256 and a salt, md5 is really really weak and has alot of cracks out

RE: People being able to use SQL injectors on my website and pulling passwords [HELP]

Nova
Junior Member
Level:
7
Reputation:
0
Posts:
78
Likes:
7
Credits:
123
16-07-2021, 04:42 PM
This post was last modified: 22-07-2021, 12:53 PM by Nova
#4
The securest solution would be to use bcrypt afaik. If you want to, I can help you implement bcrypt and find the sql injection.
---- ._. ----

RE: People being able to use SQL injectors on my website and pulling passwords [HELP]

Junior Member
Level:
6
Reputation:
0
Posts:
56
Likes:
2
Credits:
48
30-07-2021, 08:50 PM
#5
How are you getting the SQL injection? (Or, I should say, what language does your server run on?)
If it's PHP (and a version lower than 5), you should probably look into using prepared statements (which effectively makes SQL injection impossible) or mysqli_real_escape_string (which makes SQL injection harder).

MD5 is not safe. It's an old hashing method, and you really should look into using bcrypt or at the very least SHA256. Let me know if you need any more information and I'll be happy to help.
Quote:Of course, being an F2P Genshin player means it will take until the heat death of the universe for me to get even one 5-star character from Mihoyo. But a man can dream...

RE: People being able to use SQL injectors on my website and pulling passwords [HELP]

pice
Lurker
Level:
0
Reputation:
0
Posts:
6
Likes:
0
Credits:
6
27-10-2021, 12:16 PM
#6
What languange? What framework? please provide details..

RE: People being able to use SQL injectors on my website and pulling passwords [HELP]

azmod
Newbie
Level:
2
Reputation:
0
Posts:
19
Likes:
0
Credits:
11
08-11-2021, 03:45 AM
#7
? ? ?

RE: People being able to use SQL injectors on my website and pulling passwords [HELP]

INO TAI
Newbie
Level:
1
Reputation:
0
Posts:
14
Likes:
1
Credits:
0
18-11-2021, 10:22 PM
#8
vorrei saperne di piu su sql

RE: People being able to use SQL injectors on my website and pulling passwords [HELP]

zacharthur35
Novice
Level:
2
Reputation:
0
Posts:
24
Likes:
0
Credits:
8
10-01-2022, 03:32 PM
#9
thats bad case. I am habing the same issue. hope where will be a slolution.

Users browsing this thread: 1 Guest(s)