Could someone please tell me how to protect my habbo hotel from SQL injection attacks?
<blockquote data-quote="Morohara" data-source="post: 468006" data-attributes="member: 93970"><p>SQL injection isn't normally EMU side. (There are other attacks that used to involve attacking an emu directly, but the majority of these have already been fixed in updated emus.)</p><p></p><p>There are different types of injection attacks: you have the standard injection method where you query yourself, or you have the one this program used. (If you have a source I can outline better how it works; this can be done via the CMS, but the majority have this patched so this is useless.)</p><p>The majority of the programs you download work by querying repeated requests till they get a reaction like a list; apps like Cloudflare block these as well as coming with SQL injection protection. How it works is outlined below.</p><p></p><p>This can be done in a multitude of ways, e.g. entering data into a field on a website, like a POST request. How it works is when you input a query into a field on a retro (normally the CMS), it's stored and the database will run the query, posting the data requested. (This can be fixed by filtering out the queries.)</p><p></p><p>The one you are probably dealing with is e.g. <a href="http://www.hotel.com?user=1" target="_blank">www.hotel.com?user=1</a> 1 or 1=;-- (this is an example). This is basically a user asking for this data related to table user where it equals the id = 1. The program itself will bombard requests; depending on your server (IIS), you can see what kind of requests he's executing. The number with the program will go up and up, so he'll ask for id 1,2,3,4,5 to get the relevant information.</p><p></p><p>In my honest opinion, if you have no development background I wouldn't try to go in depth and try to do a complex resolution. Try getting Cloudflare, as this will help with the program associated, as Cloudflare blocks requests after x amount has been queried.</p></blockquote><p></p>
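The `?user=1` lookup described in the post above, as an added example that is not part of the original post or of any CMS: it shows the request value concatenated into the SQL text next to a version that validates the value and binds it as a parameter. The table layout, function names, sample rows and the `1 OR 1=1` test value are assumptions constructed for this example, and SQLite stands in for the hotel's database.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, mail TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "alice@example.test"),
         (2, "bob", "bob@example.test"),
         (3, "carol", "carol@example.test")],
    )
    return db

def lookup_vulnerable(db, user_param):
    # The request value is pasted into the SQL text, so the database
    # parses whatever the client sent as part of the statement.
    sql = "SELECT id, username FROM users WHERE id = " + user_param
    return db.execute(sql).fetchall()

def lookup_hardened(db, user_param):
    # 1. Validate: the parameter must be a short, plain ASCII integer.
    if not (user_param.isascii() and user_param.isdigit() and len(user_param) <= 9):
        return None  # the caller should answer 400 Bad Request
    # 2. Bind: the value travels separately from the SQL text and is
    #    never parsed as SQL, whatever it contains.
    return db.execute(
        "SELECT id, username FROM users WHERE id = ?",
        (int(user_param),),
    ).fetchall()

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1 OR 1=1"):  # second value is a constructed tautology
        print(repr(value), lookup_vulnerable(db, value), lookup_hardened(db, value))
```

Rate limiting in front of the site slows down the repeated requests the post describes, but only the bound parameter removes the flaw in the query itself.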