Hi everybody,
I found an error-based sql injection in my webserver.My database doesn't contain any private info.
I want to know if its possible to own my server just by using the info in information_shema.
Please tell me because i want to know if i have to fix it.I don't want to get hacked!
Thanks.
I can provide additional info if you need it.
Karlwakim 17 Junior Poster in Training
hericles 289 Master Poster Featured Poster
I'm not sure about taking control of your server from an SQL injection attack but you can easily lose your database. I can't remember the exact SQL code but I have seen scripts that can ascertain table names from the system tables. If you allow SQL injection attacks hackers can bypass your logins, pull out all the data, make all your data disappear, etc.
Karlwakim 17 Junior Poster in Training
Ok thanks,
I'm now fixing it
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.