Ever Wondered - X Nations
      
      
Go Back   X Nations > X Nations > General Webmaster Business and Discussions

Reply
 
Thread Tools Display Modes
Old 09-21-2003, 01:07 AM   #1
The_Watcher
The_Watcher should edit this
Citizen X
 
Join Date: Sep 2003
Location: United Kingdom
Posts: 10
xBucks: 442
Default Ever Wondered

how crackers/hackers add passwords to your paysite ???

i have been around a good few years now just wondered if you guys ever wondered how it was done ?
The_Watcher is offline   Reply With Quote
Old 09-21-2003, 01:18 AM   #2
firehorse
firehorse should edit this
Kitty's love slave :)
 
firehorse's Avatar
 
Join Date: Sep 2002
Location: Australia
Posts: 506
xBucks: 4,755
Send a message via ICQ to firehorse Send a message via AIM to firehorse
Default

Unfortunately it is way too easy! And another angle is that people tend to use the same passwords on boards and a lot of other places!

Peace and Profit
__________________
ICQ 512 915

born4porn
firehorse is offline   Reply With Quote
Old 09-21-2003, 01:21 AM   #3
The_Watcher
The_Watcher should edit this
Citizen X
 
Join Date: Sep 2003
Location: United Kingdom
Posts: 10
xBucks: 442
Default

but would you guys know how its done i certainly know as like i say i have been around for a while the suddenly realised why not help owners to combat this ?!

after doing the rounds i thought maybe turn my hand to helping instead of taking !
The_Watcher is offline   Reply With Quote
Old 09-21-2003, 01:22 AM   #4
The_Watcher
The_Watcher should edit this
Citizen X
 
Join Date: Sep 2003
Location: United Kingdom
Posts: 10
xBucks: 442
Default

well i just tried to edit my post but with no luck was going to add if anyone would like info please pm me !
The_Watcher is offline   Reply With Quote
Old 09-21-2003, 05:21 AM   #5
wsjb78
wsjb78 should edit this
Local Shadow Agent #1
 
wsjb78's Avatar
 
Join Date: Nov 2002
Location: Home
Posts: 1,061
xBucks: 16,705
Default

Well, poor programming of websites...

e.g. a users uses php and mysql to access the db. He then writes username and pwd into a php script of config file... however he does not put that file outside the webroot....

Now PHP fails and you can see username and pwd in plain text for the db... once you have that info you can try to connect to the db. I'm pretty sure when that guy doesn't even move the config file outside the webroot then he has a global root user to mysql which he lets to connect from everywhere... if so then probably the same guy does not encrypt user pwds which are stored.... or the hacker just inserts a new user there

That means you can easily get those things... I've seen that a couple of times where PHP has been failing... on a server.....

This is just a simple way of getting acces...
wsjb78 is offline   Reply With Quote
Old 09-21-2003, 08:54 AM   #6
The_Watcher
The_Watcher should edit this
Citizen X
 
Join Date: Sep 2003
Location: United Kingdom
Posts: 10
xBucks: 442
Default

Some is down to pore programming some use other tools !

want to learn more pm me !
The_Watcher is offline   Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Forum Jump

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
vBCredits v1.4 Copyright ©2007 - 2008, PixelFX Studios
2013 - xnations.com
All times are GMT -4. The time now is 04:11 AM.
Skin by vBCore.com