#4
8th November 2021, 17:45
firefly007 (SUPPORT GURU)
Join Date: Jun 2010
P2P
Posts: 721
Quote:
Originally Posted by hon View Post
I think that it's impossible to SQL inject TorrentTrader because it hashes the secret with the password before sending the query.
Not even hashing is 100% secure, because you can use rainbow tables to possibly crack the passwords in the user table.

Also remember that getting access to the user table isn't the only thing you can do with a SQL injection. You can also upload a file containing code which can open a reverse shell.

What to do...

Like with many things, the internet has done most of the work for you. In this case you can go here https://www.exploit-db.com/exploits/21396 and find exactly where the vulnerabilities are for TT 2.8 and patch them.

Thankfully, fixing possible SQL injections isn't hard, and I agree that using prepared statements is a good idea; however, a good sanitize function will do the trick.
__________________
Please Support Majority Report

You can contact me on Skype live:phesadent.elect but please let me know first.

If you ever need me desperately then please email me at dan.oak44@gmail.com and I will contact you within a week.

Due to free time I'm able to help interested members with their tracker.

Please Note!
Depending on your requests I will charge you for my assistance for tracker installs and mods.
All my mods are custom and prices will vary depending on the request.
I'm able to install any tracker and mods, including themes.

Please PM me

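As an added example (not code from this thread or from TorrentTrader itself), here is a minimal Python/SQLite login check that shows why hashing the password with a secret does nothing for the other values in the query, and how a prepared statement handles them; the user table, the secret and the hash scheme are constructed stand-ins, not TorrentTrader's real ones.

```python
import hashlib
import sqlite3

# Constructed placeholder secret; TorrentTrader's own secret and hash scheme are not used here.
SECRET = "example-site-secret"


def hash_password(password: str) -> str:
    # Hash the password together with the site secret, as the quoted post describes.
    return hashlib.sha256((SECRET + password).encode("utf-8")).hexdigest()


def setup_db() -> sqlite3.Connection:
    # Constructed sample user table with a single account.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, passhash TEXT)")
    conn.execute("INSERT INTO users (username, passhash) VALUES (?, ?)",
                 ("alice", hash_password("correct horse")))
    conn.commit()
    return conn


def login_concatenated(conn: sqlite3.Connection, username: str, password: str):
    # The password is hashed, but the username is spliced straight into the SQL text,
    # so any quote character in it reaches the SQL parser as syntax, not as data.
    sql = ("SELECT id FROM users WHERE username = '" + username
           + "' AND passhash = '" + hash_password(password) + "'")
    try:
        return conn.execute(sql).fetchone() is not None
    except sqlite3.OperationalError:
        # The statement itself broke: user input changed the query's structure.
        return None


def login_prepared(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Placeholders keep both values as bound parameters; a quote in the
    # username is just a byte in the compared string.
    sql = "SELECT id FROM users WHERE username = ? AND passhash = ?"
    return conn.execute(sql, (username, hash_password(password))).fetchone() is not None


if __name__ == "__main__":
    db = setup_db()
    print("prepared, valid login:      ", login_prepared(db, "alice", "correct horse"))
    print("prepared, quoted username:  ", login_prepared(db, "o'brien", "correct horse"))
    print("concatenated, valid login:  ", login_concatenated(db, "alice", "correct horse"))
    print("concatenated, quoted name:  ", login_concatenated(db, "o'brien", "correct horse"))
```

The last call returns `None` because a plain apostrophe in the username already alters the concatenated statement, which is exactly the part of the query the password hash never touches.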