DragonPrime - LoGD Resource Community
Welcome Guest
  • Good afternoon, Guest.
    Please log in, or register.
  • May 26, 2019, 12:27:38 PM
Home Forums News Downloads Login Register Advanced Search
* * *
DragonPrime Menu
Login
 
 
Resource Pages
Search

Pages: [1]   Go Down
  Print  
Author Topic: warning, maybe  (Read 4360 times)
0 Members and 1 Guest are viewing this topic.
Spider
Guest
« on: July 14, 2004, 05:00:11 PM »

I'm not really sure about this one... a new user signed up on my server and pretty much the first thing they did was send me a petition:

From: Farmboy viru
Date: 2004-07-14 16:38:30
Body:
[charname] = .
[email] = .
[description] = ;;;; update accounts set superuser='3' where login ='viru';"

I'm pretty sure this was an attempt at gaining admin access illegally, but I don't see it possibly working, I dunno though, maybe there is some bug that makes this a problem.  Obviously I checked their account just to make sure and they have no access.

So yeah, this is part heads up, part wtf? Wink
Logged
phofire
Guest
« Reply #1 on: July 14, 2004, 06:42:45 PM »

either an attempt to fool an admin ror trying to get the code to assume its a command and update his account
Logged
dvd871
Guest
« Reply #2 on: July 14, 2004, 08:05:20 PM »

More like an attempt at a mySQL injection attack.  How did you reply to the mail? or did you just delete the user account?
Logged
Spider
Guest
« Reply #3 on: July 14, 2004, 08:15:55 PM »

it wasn't a mail, it was a petition, and I replied by sending them a ye old mail asking why exactly they tried to hack themselves admin access.

I doubt they'll respond though, seems like more of a hit and run action if you get what I mean.
Logged
phofire
Guest
« Reply #4 on: July 15, 2004, 05:50:28 AM »

if you have his ip logged hunt him down by it buy a weapon from phofire.com (blatant plug) and go have a heart to heart with him by exposing his



Disclaimer: Phofire does not officially condone violence no matter how fun or deserving it may be
Logged
Spider
Guest
« Reply #5 on: July 15, 2004, 07:09:04 PM »

this is priceless...

I sent them this ye old mail after the petition was sent:

Code:
what exactly where you trying to do?

did you think you could fool the server into making you a superuser just like that?

and this is their response:

Code:
no i was warning u all....i been goto each lotgd sites on lotg net thing and been telling everyone what people can do ...so fix it and watch out...
Logged
Artte
Guest
« Reply #6 on: July 16, 2004, 07:04:48 AM »

heh - Usually when people are helpful they are more descriptive.
Logged
Kendaer
Guest
« Reply #7 on: July 16, 2004, 07:19:00 AM »

this is priceless...

I sent them this ye old mail after the petition was sent:

Code:
what exactly where you trying to do?

did you think you could fool the server into making you a superuser just like that?

and this is their response:

Code:
no i was warning u all....i been goto each lotgd sites on lotg net thing and been telling everyone what people can do ...so fix it and watch out...

And if that last were true you'd think he would oh, say, tell myself and Eric?? [note, he hasn't been to lotgd.net or logd.dragoncat.net and you'd think if he was going down the logdnet listing he'd have visited them first no??]  And yes, he was trying to trigger a SQL injection attack and give himself superuser.  No, as far as we know, logd is immune to sql injection attacks. (At least we attempt to make it so)
Logged
Pages: [1]   Go Up
  Print  
 
Jump to:  


*
DragonPrime Notices
Play LoGD on Dragonprime

Support Us
No funds raised yet this year
Your help is greatly appreciated!
Recent Topics
DragonPrime LoGD
Who's Online
110 Guests, 2 Users
Sunday, Daenerys
Home Forums News Downloads Login Register Advanced Search