To whoever hacked into my Database
nikos.gr33k at gmail.com
Thu Nov 7 23:56:28 CET 2013
Στις 8/11/2013 12:46 πμ, ο/η Tim Delaney έγραψε:
> On 8 November 2013 09:45, Tim Delaney <timothy.c.delaney at gmail.com
> <mailto:timothy.c.delaney at gmail.com>> wrote:
> On 8 November 2013 09:18, Νίκος Αλεξόπουλος <nikos.gr33k at gmail.com
> <mailto:nikos.gr33k at gmail.com>> wrote:
> I feel a bit proud because as it seems i have manages to secure
> it more tight. All i need to do was to validate user input data,
> so the hacker won't be able again to pass bogus values to
> specific variables that my script was using.
> So we now have confirmation that Nikos' site is subject to SQL
> injection attacks on anything that he is not specifically
> validating. And I'm absolutely sure that he has identified every
> location where input needs to be validated, and that it is
> impossible to get past the level of validation that he's doing, so
> the site is completely secure! Just like the last time he claimed
> that (and the time before, and the time before that ...).
> Not to mention the idiocy of exposing your web server logs to the
> outside world ... (no - I didn't go there - I want no chance of getting
> malware from his site).
> Tim Delaney
It was necessary post post web server's logs by doing
tail -f '/usr/local/apache/logs/error_log'
so to display the error message i got.
Also i never claimed i was a professional coder, i am an amateur at a
beginner level and i do it out of hobby.
I could have designed my website in a CMS( wordpress, joomla) but i like
programming and wanted to design and learn to code at the same time.
Since i'm an idiot as you call me try to hack it yourself since you are
And i don;t think it was an sql injection by the way.
It was just a manipulation of the 'page' variable my script is using.
Hacker was able to pass bogus info to that variable.
I believe he passed values to var 'page' via URL like
More information about the Python-list