09-21-2010, 03:55 AM
Quote:
Originally Posted by roly
A big thanks for everyone's input, it's a huge help.
I've got a lot of sites using variations of this (very old) script; it's not supported anymore and I don't have the time to find an alternative and switch to that, so I've just got to try and patch it up as best as possible. They were using something along the lines of this to hack the script:
Code:
page.php?id=-999999999+union+select+concat(login,0x3a,password),1,2,3,4,5+from+adminlogin/
So if I implement some of the recommendations above and also remove union, select, etc. as well, hopefully I should be a bit safer.
|
Glad we could all help
CONCAT is also a naughty word as you found out.
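An added example, not part of the original posts or of the script being discussed: rather than growing a list of removed words, the `id` parameter can be accepted only when it is a plain positive integer and then passed to the query as a bound value. The `pages` table, its columns and the function names are hypothetical, the rows are constructed, and an in-memory SQLite database (PDO with the SQLite driver) is assumed so the block runs offline.

```php
<?php
// Added example. Table "pages" and its columns are hypothetical; "adminlogin"
// is the table named in the quoted request. All rows are constructed sample data.

// Accept only a plain positive decimal integer; anything else yields null.
function parse_page_id($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null; // arrays, signs, spaces, SQL keywords, empty string
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id; // also rejects overflow and leading zeros
}

// Look up one page. The id never becomes part of the SQL text.
function fetch_page(PDO $db, $raw): ?array
{
    $id = parse_page_id($raw);
    if ($id === null) {
        // JSON-encode the rejected value so it cannot inject log lines.
        $shown = json_encode($raw, JSON_INVALID_UTF8_SUBSTITUTE);
        error_log('rejected page id: ' . substr((string) $shown, 0, 200));
        return null;
    }
    $stmt = $db->prepare('SELECT id, title FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed database standing in for the site's real one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec('CREATE TABLE adminlogin (login TEXT, password TEXT)');
$db->exec("INSERT INTO pages VALUES (1, 'Welcome')");
$db->exec("INSERT INTO adminlogin VALUES ('admin', 'constructed-hash')");

// The id value PHP receives for the quoted request ('+' decodes to a space).
$quoted = '-999999999 union select concat(login,0x3a,password),1,2,3,4,5 from adminlogin/';

var_dump(fetch_page($db, '1'));     // ordinary request
var_dump(fetch_page($db, $quoted)); // the request quoted in the post
var_dump(fetch_page($db, ['1']));   // page.php?id[]=1 style array input
```

The same two functions work unchanged against MySQL by swapping the PDO DSN; the rejected values written by `error_log` give a record of probing attempts.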