People being able to use SQL injectors on my website and pulling passwords [HELP]

url · 27-05-2020, 02:10 PM

So some of you know, I own gmodfodder and it's been a WIP for a few months now.
I'm not stressing right now because we have like 50 users but i really need to get rid of this issue.
I use MD5 but i guess i'm unsure on how to safely use it?? I thought MD5 was good to use..

I really need help with this.

I HAD a developer helping me with a lot of this but he disappeared so now I'm stuck trying to figure MD5 out with almost no education on how it works.

Woolo12 · 22-06-2020, 09:20 PM

What language are you using to handle registrations? If it is SQL injection, it will be hard to identify the cause without seeing the code

Lazarus · 12-07-2020, 07:45 PM

You could use sha256 and a salt, md5 is really really weak and has alot of cracks out

Nova · 16-07-2021, 04:42 PM

The securest solution would be to use bcrypt afaik. If you want to, I can help you implement bcrypt and find the sql injection.

Oculode · 30-07-2021, 08:50 PM

How are you getting the SQL injection? (Or, I should say, what language does your server run on?)
If it's PHP (and a version lower than 5), you should probably look into using prepared statements (which effectively makes SQL injection impossible) or mysqli_real_escape_string (which makes SQL injection harder).

MD5 is not safe. It's an old hashing method, and you really should look into using bcrypt or at the very least SHA256. Let me know if you need any more information and I'll be happy to help.

pice · 27-10-2021, 12:16 PM

What languange? What framework? please provide details..

azmod · 08-11-2021, 03:45 AM

? ? ?

INO TAI · 18-11-2021, 10:22 PM

vorrei saperne di piu su sql

zacharthur35 · 10-01-2022, 03:32 PM

thats bad case. I am habing the same issue. hope where will be a slolution.

People being able to use SQL injectors on my website and pulling passwords [HELP]

Submitted by url, 27-05-2020, 02:10 PM, Thread ID: 173218

RE: People being able to use SQL injectors on my website and pulling passwords [HELP]

RE: People being able to use SQL injectors on my website and pulling passwords [HELP]

RE: People being able to use SQL injectors on my website and pulling passwords [HELP]

RE: People being able to use SQL injectors on my website and pulling passwords [HELP]

RE: People being able to use SQL injectors on my website and pulling passwords [HELP]

RE: People being able to use SQL injectors on my website and pulling passwords [HELP]

RE: People being able to use SQL injectors on my website and pulling passwords [HELP]

RE: People being able to use SQL injectors on my website and pulling passwords [HELP]