Drew
Banned
Registered: 24th Nov 01
Location: County Durham
User status: Offline
|
could anyone tell me how to do this, as i know nothing about SQL's - or should i leave it to someone who does?
--------------------------------------------
#-----[ ADD SQL ]------------------------------------------
#
DROP TABLE IF EXISTS `phpbb_ip`;
CREATE TABLE `phpbb_ip` (
`id` tinyint(4) NOT NULL auto_increment,
`ip` varchar(200) NOT NULL default '0',
`host` varchar(200) NOT NULL default '0',
`date` varchar(200) NOT NULL default '0',
`username` varchar(200) NOT NULL default '0',
`referrer` varchar(200) NOT NULL default '0',
`forum` varchar(200) NOT NULL default '0',
`browser` varchar(200) NOT NULL default '0',
KEY `id` (`id`)
) TYPE=MyISAM;
------------------------------------------------
|
Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Offline
|
How to run those statements?
Depends whats installed, either at the command line, or any web interface you have already.
For the record that just deletes the table called phpbb_ip and makes it again. I've no idea why you'd want to do that.
|
blundey
Member
Registered: 25th May 04
Location: Flitwick, Bedfordshire
User status: Offline
|
err its not called SQL hacking...there are two things you can do.
One is SQL injection...you can read up on this here: http://www.governmentsecurity.org/articles/SQLinjectionBasicTutorial.php
The other method is similar to cross site scripting.
Or actually use an exploit thats already made...this will involve the use of linux/unix variant. For exploits check out www.packetstormsecurity.org or www.secuiteam.net
The adbove wont work as this site is not running phpbb and youve put it in a thread 
|
Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Offline
|
I think he means hacking as in hacking the software about and adding stuff, not breaking it.
Don't know why you'd want them all identical 200 length varchars either. Thats not a particularly efficient way of doing it.
|
Drew
Banned
Registered: 24th Nov 01
Location: County Durham
User status: Offline
|
quote:
Originally posted by blundey
err its not called SQL hacking...
i have not mentioned sql hacking anywhere 
|
Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Offline
|
Only the subject, nearly
|
Drew
Banned
Registered: 24th Nov 01
Location: County Durham
User status: Offline
|
quote:
Originally posted by Ian
I think he means hacking as in hacking the software about and adding stuff, not breaking it.
Don't know why you'd want them all identical 200 length varchars either. Thats not a particularly efficient way of doing it.
this is the description..........
Features:
- Log Data
- Username
- IP
- Host
- Referrer
- Forumid
- Time
- See how often a user has been logged
- See users that have the same ip, host, referrer
like i said, i know nothing about sql's, it just says to add it
|
Drew
Banned
Registered: 24th Nov 01
Location: County Durham
User status: Offline
|
quote:
Originally posted by Ian
Only the subject, nearly
no subject is 'forum hacking - SQL's' ie, hacking a forum and an sql question 
|
Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Offline
|
You're adding a hack to your install of phpBB?
I assume you're able to alter the code but need access to the database to make that table?
Do you have anywhere at all you can enter SQL statements? Nothing provided by the host?
You'll either have the ability to do that or you'll need to embed them in a php script and just run it once, then delete it. Bit of a messy way of doing it but it'd run the statements.
I personally would install something like phpMyAdmin.
|
Drew
Banned
Registered: 24th Nov 01
Location: County Durham
User status: Offline
|
quote:
Originally posted by Ian
You're adding a hack to your install of phpBB?
I assume you're able to alter the code but need access to the database to make that table?
Do you have anywhere at all you can enter SQL statements? Nothing provided by the host?
You'll either have the ability to do that or you'll need to embed them in a php script and just run it once, then delete it. Bit of a messy way of doing it but it'd run the statements.
I personally would install something like phpMyAdmin.
yes thats correct - the control panel has phpmyadmin already installed - i just dont know how to use it 
|
Dan B
Member
Registered: 25th Feb 01
User status: Offline
|
It's pretty simple......it lets you access any table, change any value, and then save it.
Means you don't need to run any complex SQL queries/commands.
|
Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Offline
|
Give me the web address, username and password...
Just go there, go inside the database using the drop down box or list on the left and there will be tab style links across the top of the main area of the screen. One of those is 'SQL' where you can put raw SQL statements in.
Just put this in though, not the whole thing with lines, comments etc. there's no need.
DROP TABLE IF EXISTS `phpbb_ip`;
CREATE TABLE `phpbb_ip` (
`id` tinyint(4) NOT NULL auto_increment,
`ip` varchar(200) NOT NULL default '0',
`host` varchar(200) NOT NULL default '0',
`date` varchar(200) NOT NULL default '0',
`username` varchar(200) NOT NULL default '0',
`referrer` varchar(200) NOT NULL default '0',
`forum` varchar(200) NOT NULL default '0',
`browser` varchar(200) NOT NULL default '0',
KEY `id` (`id`)
) TYPE=MyISAM;
|
Drew
Banned
Registered: 24th Nov 01
Location: County Durham
User status: Offline
|
cheers for your help i'll give it a try.
look out for my post tomorrow called 'how do i bring my dead site back alive'
thanks again
|
blundey
Member
Registered: 25th May 04
Location: Flitwick, Bedfordshire
User status: Offline
|
ohh ok....then just run mysql from command line...like:
mysql -p <username>
Then when you get this:
mysql>
Just input the above following.
You could alternativley connect to port 3306 from another machine and do the above if the sql database allowed external connections.
|
blundey
Member
Registered: 25th May 04
Location: Flitwick, Bedfordshire
User status: Offline
|
damn ur fast fingers ian
|
Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Offline
|
quote:
Originally posted by blundey
if the database allowed external connections.
Unlikely!
You need to have a shell prompt to start mysql like that, and it might not be that simple if there's a user/pass combo. Maybe:
mysql -u k4rma -p
(enter pass on the next line)
No point if there's a web panel though, the panel confirms everything slightly dangerous
|
