Jan 31 2005, 02:32 PM
Post #11
Give me Reputation and i'll give you some back. Group: Banned Posts: 203 Joined: 29-December 04 From: Wirral, Northwest England Member No.: 3,000
What? You're giving out hosting credits?
You're nice. *Cough*Isaidyournicenowgiveme5000credits*Cough*

Feb 10 2005, 08:16 PM
Post #12
Newbie [Level 2] Group: Members Posts: 30 Joined: 8-February 05 Member No.: 3,662
I think it is called "SQL Injection" (because you "inject" SQL into the original script that is not supposed to be there).
Coincidentally, I did this just last week to a friend's website. He claimed his site was totally protected and unhackable. But I knew he was using Advanced Guestbook 2.2 on it, which is vulnerable to this kind of attack. So I showed him. Needless to say, he has upgraded to 2.3.1 now. Sucker!
Basically, the script says "if A=B then OK", where A is the original password and B is the one the form asks. You're giving the phrase "X or 0=0" for the password. Now the script says: "if A=X or 0=0 then OK". Easy as pie! The new form checks the input for illegal characters and filters them. So you can't do this anymore!
Search for the phrase "Google Hacking" on... ehm, Google and see what other vulnerabilities can be found out there...
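
The password check described in the post above, next to a version that binds the input as data, as an added example that is not part of the original thread and is not Advanced Guestbook's code. It uses Python's sqlite3 module; the table, the account and the function names are assumptions, and the fix shown is parameter binding rather than the character filtering the post mentions.

```python
import sqlite3

def make_db():
    """In-memory table holding one constructed admin account (sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    # Plaintext only to mirror the post's "if A=B"; real code stores a password hash.
    db.execute("INSERT INTO admins VALUES ('admin', 's3cret-sample')")
    return db

def login_vulnerable(db, username, password):
    # The input is pasted into the SQL text, so the database parses it as SQL.
    sql = ("SELECT COUNT(*) FROM admins WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_parameterized(db, username, password):
    # The statement text is fixed; the driver binds both values as plain data.
    sql = "SELECT COUNT(*) FROM admins WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0

def run_demo():
    db = make_db()
    # The post's "X or 0=0", written with the quotes a string column needs.
    crafted = "X' OR '0'='0"
    return {
        "vulnerable, correct password": login_vulnerable(db, "admin", "s3cret-sample"),
        "vulnerable, wrong password": login_vulnerable(db, "admin", "wrong"),
        # Query becomes: (username='admin' AND password='X') OR '0'='0'
        "vulnerable, crafted input": login_vulnerable(db, "admin", crafted),
        "parameterized, correct password": login_parameterized(db, "admin", "s3cret-sample"),
        # Bound as a literal string, so it is compared to the stored password and fails.
        "parameterized, crafted input": login_parameterized(db, "admin", crafted),
    }

if __name__ == "__main__":
    for case, ok in run_demo().items():
        print(f"{case}: {'login OK' if ok else 'rejected'}")
```

With bound parameters, input containing quote characters needs no filtering: it is compared as an ordinary string and never reaches the SQL parser.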

Feb 10 2005, 08:22 PM
Post #13
Give me Reputation and i'll give you some back. Group: Banned Posts: 203 Joined: 29-December 04 From: Wirral, Northwest England Member No.: 3,000
Not a very nice thing to do to a friend, then again, he was asking for it!
Nothing is unhackable. There's always the blackhat hackers out there. What's your friend's site URL/address? I would like to see.

Feb 19 2005, 03:59 AM
Post #14
Member [Level 1] Group: Members Posts: 69 Joined: 11-October 04 From: Memphis, Tennessee Member No.: 1,664
I know someone who does it for fun... it's not funny, though.
He actually did it to my site to play around. He changed my welcome message to something embarrassing that happened to me that week and so I got mad and IP banned him. But, he had proxies, so he completely hacked my site for trying to get rid of him.

Feb 19 2005, 10:05 PM
Post #15
Newbie [Level 2] Group: Members Posts: 39 Joined: 17-February 05 Member No.: 3,814
aaaaaaaa now I have to check all the mods I've downloaded, help, I'm scared!

Feb 20 2005, 04:57 AM
Post #16
Super Member Group: Members Posts: 316 Joined: 31-July 04 From: Australia Member No.: 344
wow thanks for the info mate
never knew that.. thought it was just some silly thing..

Aug 1 2005, 01:07 AM
Post #17
Newbie [Level 2] Group: Members Posts: 33 Joined: 30-July 05 Member No.: 10,045
I have known this for quite a while, but it is good for all people that are going to use a MySQL or other SQL database to know how to protect their pages. I have seen many pages that have been the object of these attacks.
There are so many other ways, so I encourage you guys to look into some JavaScript injections and XSS (cross site scripting).

Aug 1 2005, 12:07 PM
Post #18
Advanced Member Group: Members Posts: 148 Joined: 24-July 05 Member No.: 9,784
I've read about this SQL injection somewhere, but at that time I didn't pay much attention to it. Now I think I understand it a bit and have learned how dangerous it is.
Thanks!

Aug 1 2005, 08:41 PM
Post #19
Member [Level 1] Group: Members Posts: 54 Joined: 31-July 05 Member No.: 10,089
Thank you for posting this. Are SQL Injections what cause all of the phpBB exploits? I know it was something like that. I really like phpBB boards, I'm trying to learn PHP more advanced than what I know already, which is basic things like:
echo "Text Here"; date("D") if...else switch $variable etc...
I want to make some really great phpBB hacks. I've been looking at the phpBB code for a while now, and I think if I can understand everything in it I should be doing alright. I'll also know the structure of the software and how it works; that should help me make some modifications for it.

Aug 2 2005, 06:51 AM
Post #20
Desperately seeking "any key" to continue...