To whoever hacked into my Database

Νίκος Αλεξόπουλος nikos.gr33k at gmail.com
Thu Nov 7 23:56:28 CET 2013


Στις 8/11/2013 12:46 πμ, ο/η Tim Delaney έγραψε:
> On 8 November 2013 09:45, Tim Delaney <timothy.c.delaney at gmail.com
> <mailto:timothy.c.delaney at gmail.com>> wrote:
>
>     On 8 November 2013 09:18, Νίκος Αλεξόπουλος <nikos.gr33k at gmail.com
>     <mailto:nikos.gr33k at gmail.com>> wrote:
>
>         I feel a bit proud because as it seems i have manages to secure
>         it more tight. All i need to do was to validate user input data,
>         so the hacker won't be able again to pass bogus values to
>         specific variables that my script was using.
>
>
>     So we now have confirmation that Nikos' site is subject to SQL
>     injection attacks on anything that he is not specifically
>     validating. And I'm absolutely sure that he has identified every
>     location where input needs to be validated, and that it is
>     impossible to get past the level of validation that he's doing, so
>     the site is completely secure! Just like the last time he claimed
>     that (and the time before, and the time before that ...).
>
>
> Not to mention the idiocy of exposing your web server logs to the
> outside world ... (no - I didn't go there - I want no chance of getting
> malware from his site).
>
> Tim Delaney


It was necessary post post web server's logs by doing
tail -f '/usr/local/apache/logs/error_log'

so to display the error message i got.

Also i never claimed i was a professional coder, i am an amateur at a 
beginner level and i do it out of hobby.

I could have designed my website in a CMS( wordpress, joomla) but i like 
programming and wanted to design and learn to code at the same time.

Since i'm an idiot as you call me try to hack it yourself since you are 
so smart.

And i don;t think it was an sql injection by the way.
It was just a manipulation of the 'page' variable my script is using.
Hacker was able to pass bogus info to that variable.

I believe he passed values to var 'page' via URL like

http://superhost.gr/?page='




More information about the Python-list mailing list