corsasport.co.uk
 

forum hacking - SQL's


Ian

posted on 9th Sep 04 at 23:50

quote:
Originally posted by blundey
if the database allowed external connections.

Unlikely!

You need to have a shell prompt to start mysql like that, and it might not be that simple if there's a user/pass combo. Maybe:

mysql -u k4rma -p
(enter pass on the next line)

No point if there's a web panel though, the panel confirms everything slightly dangerous :lol:


blundey

posted on 9th Sep 04 at 23:48

damn ur fast fingers ian


blundey

posted on 9th Sep 04 at 23:47

ohh ok....then just run mysql from command line...like:

mysql -p <username>

Then when you get this:

mysql>

Just input the above following.

You could alternatively connect to port 3306 from another machine and do the above if the sql database allowed external connections.


Drew

posted on 9th Sep 04 at 23:46

cheers for your help i'll give it a try.

look out for my post tomorrow called 'how do i bring my dead site back alive' :lol::lol:

thanks again


Ian

posted on 9th Sep 04 at 23:45

Give me the web address, username and password... :lol:

Just go there, go inside the database using the drop down box or list on the left and there will be tab style links across the top of the main area of the screen. One of those is 'SQL' where you can put raw SQL statements in.

Just put this in though, not the whole thing with lines, comments etc. there's no need.

DROP TABLE IF EXISTS `phpbb_ip`;
CREATE TABLE `phpbb_ip` (
`id` tinyint(4) NOT NULL auto_increment,
`ip` varchar(200) NOT NULL default '0',
`host` varchar(200) NOT NULL default '0',
`date` varchar(200) NOT NULL default '0',
`username` varchar(200) NOT NULL default '0',
`referrer` varchar(200) NOT NULL default '0',
`forum` varchar(200) NOT NULL default '0',
`browser` varchar(200) NOT NULL default '0',
KEY `id` (`id`)
) ENGINE=MyISAM;


Dan B

posted on 9th Sep 04 at 23:40

It's pretty simple......it lets you access any table, change any value, and then save it.

Means you don't need to run any complex SQL queries/commands.


Drew

posted on 9th Sep 04 at 23:39

quote:
Originally posted by Ian
You're adding a hack to your install of phpBB?

I assume you're able to alter the code but need access to the database to make that table?

Do you have anywhere at all you can enter SQL statements? Nothing provided by the host?

You'll either have the ability to do that or you'll need to embed them in a php script and just run it once, then delete it. Bit of a messy way of doing it but it'd run the statements.

I personally would install something like phpMyAdmin.


yes that's correct - the control panel has phpmyadmin already installed - i just don't know how to use it :lol::lol:


Ian

posted on 9th Sep 04 at 23:37

You're adding a hack to your install of phpBB?

I assume you're able to alter the code but need access to the database to make that table?

Do you have anywhere at all you can enter SQL statements? Nothing provided by the host?

You'll either have the ability to do that or you'll need to embed them in a php script and just run it once, then delete it. Bit of a messy way of doing it but it'd run the statements.

I personally would install something like phpMyAdmin.


Drew

posted on 9th Sep 04 at 23:35

quote:
Originally posted by Ian
Only the subject, nearly :o


no subject is 'forum hacking - SQL's' ie, hacking a forum and an sql question :)


Drew

posted on 9th Sep 04 at 23:34

quote:
Originally posted by Ian
I think he means hacking as in hacking the software about and adding stuff, not breaking it.

Don't know why you'd want them all identical 200 length varchars either. That's not a particularly efficient way of doing it.


this is the description..........

Features:
- Log Data
- Username
- IP
- Host
- Referrer
- Forumid
- Time
- See how often a user has been logged
- See users that have the same ip, host, referrer


like i said, i know nothing about sql's, it just says to add it :boggle:


Ian

posted on 9th Sep 04 at 23:34

Only the subject, nearly :o


Drew

posted on 9th Sep 04 at 23:32

quote:
Originally posted by blundey
err it's not called SQL hacking...


i have not mentioned sql hacking anywhere :boggle:


Ian

posted on 9th Sep 04 at 23:32

I think he means hacking as in hacking the software about and adding stuff, not breaking it.

Don't know why you'd want them all identical 200 length varchars either. That's not a particularly efficient way of doing it.


blundey

posted on 9th Sep 04 at 23:29

err it's not called SQL hacking...there are two things you can do.

One is SQL injection...you can read up on this here: http://www.governmentsecurity.org/articles/SQLinjectionBasicTutorial.php

The other method is similar to cross site scripting.

Or actually use an exploit that's already made...this will involve the use of linux/unix variant. For exploits check out www.packetstormsecurity.org or www.secuiteam.net

The above won't work as this site is not running phpbb and you've put it in a thread :P


Ian

posted on 9th Sep 04 at 23:27

How to run those statements?

Depends what's installed, either at the command line, or any web interface you have already.

For the record that just deletes the table called phpbb_ip and makes it again. I've no idea why you'd want to do that.
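
Added example (not part of the mod's instructions or of any post in this thread): one way to create the table discussed above without losing an existing phpbb_ip table, since DROP TABLE IF EXISTS deletes whatever has already been logged. It assumes MySQL; phpbb_ip_old is a made-up name for the kept copy, and the wider id type is a suggested change, not the mod's.

```sql
-- Added example; not the mod's SQL. Assumes MySQL and the table name
-- phpbb_ip from the mod's instructions. phpbb_ip_old is a hypothetical name.

-- 1. Check whether the table already exists and holds log rows.
SHOW TABLES LIKE 'phpbb_ip';
SELECT COUNT(*) AS logged_rows FROM `phpbb_ip`;  -- errors if the table is absent

-- 2. Only if step 1 found rows worth keeping: move the old table aside
--    instead of dropping it. Skip this statement when the table is absent.
RENAME TABLE `phpbb_ip` TO `phpbb_ip_old`;

-- 3. Create the table with no DROP. IF NOT EXISTS makes a second run harmless.
--    Column names and string types are kept as in the mod's statement so the
--    mod's PHP still matches; the only column changed is id.
CREATE TABLE IF NOT EXISTS `phpbb_ip` (
  `id` int(10) unsigned NOT NULL auto_increment,  -- signed tinyint stops at 127
  `ip` varchar(200) NOT NULL default '0',
  `host` varchar(200) NOT NULL default '0',
  `date` varchar(200) NOT NULL default '0',
  `username` varchar(200) NOT NULL default '0',
  `referrer` varchar(200) NOT NULL default '0',
  `forum` varchar(200) NOT NULL default '0',
  `browser` varchar(200) NOT NULL default '0',
  KEY `id` (`id`)
) ENGINE=MyISAM;  -- ENGINE= is the storage-engine keyword current MySQL accepts

-- 4. Confirm the columns that were actually created.
DESCRIBE `phpbb_ip`;
```

In phpMyAdmin these go in the SQL tab one step at a time, so the result of step 1 can be read before deciding whether step 2 is needed.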


Drew

posted on 9th Sep 04 at 22:53

could anyone tell me how to do this, as i know nothing about SQL's - or should i leave it to someone who does?


--------------------------------------------
#-----[ ADD SQL ]------------------------------------------
#
DROP TABLE IF EXISTS `phpbb_ip`;
CREATE TABLE `phpbb_ip` (
`id` tinyint(4) NOT NULL auto_increment,
`ip` varchar(200) NOT NULL default '0',
`host` varchar(200) NOT NULL default '0',
`date` varchar(200) NOT NULL default '0',
`username` varchar(200) NOT NULL default '0',
`referrer` varchar(200) NOT NULL default '0',
`forum` varchar(200) NOT NULL default '0',
`browser` varchar(200) NOT NULL default '0',
KEY `id` (`id`)
) ENGINE=MyISAM;
------------------------------------------------

:o:o:o