How hacker hack your GC script? just found another clue today

neversay · #1 05-12-2006, 08:54 AM

One of my client got hacked. After 2 hours investigation I found and SQL injection to his site.. thats why many GC sites been hacked..

I can even start hacking other hyip right now

Its very simple keyloging implantation into admin computer.. and every username password will be known to him..

I was in the big fight with Hacker.. fortunately I was in phpmyadmin of my client's web site. Fast enough to delete his new password.

The secreat can not be revealed in the open. All of my paid customer can PM for security updates. Any AS,HYIP script can be open to this kind of attack, decode or encrypted code doesn't help. Just a pure SQL injection.

snøfrisk · #2 05-12-2006, 09:20 AM

Sendt you a mail NS

MoneyTraders_John · #3 05-12-2006, 11:51 AM

lol. you know this just now ? You need only 3 little programs (I got them home, I'm testing a new hyip script against this tool). I even got a video tutorial for hacking a webpage with password and username login protected.
Are you a hyip owner? I'm surprised you know this only now. SQL injection is an old story. Every server can be hacked with this tool.
They show you in a dos command prompt all the tables they got in the MYSQL server. and you can easily add or delete other keys in MYSQL.

The 3 little programs that I got, are NOT FOR SELL !!! They are home made tools from a very old friend. And he doesn't want to be guilty for hacking other website with his tool.

Regards, john

neversay · #4 05-13-2006, 05:01 AM

LOL indeed... I know its SQL injection but did not realized that the current GC script and AS script is not protected.

Well what I just found was another way to inject the info... this hacker is real good and fast , he change admin pass in less than 5 seconds

kennethtan · #5 05-13-2006, 05:20 AM

Quote:

SQL injection is a hacking technique which attempts to pass SQL commands through a web application for execution by a backend database. This is one of the most common application layer attacks currently being used on the Internet. The technologies vulnerable to this attack are dynamic script languages like ASP, ASP.NET, PHP, JSP, CGI, and so on.

To be able to perform SQL Injection hacking, all an attacker needs is a web browser and some guess work to find important table and field names. This is why SQL Injection attacks are so popular.

Try google and there are tons of informations.

Note that hacker can decode gc source code in order to have a full understanding regarding the table, string etc. Then he/she can start "the project" and hyip or autosurf admins will suffer.

As a conclusion, popular or famous script always have problem because those scripts become hacker main target.

chris_j · #6 05-13-2006, 06:26 AM

Quote:

Originally Posted by neversay

this hacker is real good and fast , he change admin pass in less than 5 seconds

Make sure that your don't have the folder "/public_html/vti_pvt/" in your account. If you see this folder, make sure that it doesn't have any hacker's files. This folder is used for FrontPage Extensions & it's the easiest target to upload hacker's files due to wide-spread Frontpage vulnarability. The best thing to do is to DELETE all the folders that start with "_vti" in your "/public_html/" & always use FTP for your uploads (instead of using Frontpage Extensions). Enabling Frontpage Extensions are a BIG security hole for a server.