No announcement yet.

hacking attempt on p3tz via dbase? did this harm anything?

  • Filter
  • Time
  • Show
Clear All
new posts

  • hacking attempt on p3tz via dbase? did this harm anything?

    i got 100+ mysql errors in less then 10 seconds all with the following;
    i have a feeling someone tried to steal admin password with it.
    could you see if it worked? nothing weird is seeable at the site



    Database error in vBulletin 3.6.5:

    Invalid SQL:
    SELECT AS id, u.userid AS userid, u.usergroupid AS usergroupid,
    u.membergroupids AS membergroupids
    FROM petz_inventory AS i
    LEFT JOIN user AS u ON (i.userid = u.userid)

    WHERE'9995681' union SELECT 666,666 FROM user WHERE userid='1' and(ascii(substring(password,18,1))=48)/*';

    MySQL Error : The used SELECT statements have a different number of columns
    Error Number : 1222

    Date : Wednesday, March 14th 2007 @ 12:11:05 AM
    Script :\'+union+SELECT+666,666+FROM+user+WHERE+userid=\'1\'+and(a scii(substring(password,18,1))=48)/*

    - Tekst uit oorspronkelijke bericht niet weergeven -
    Referrer :
    IP Address :
    Username : Niet geregistreerd
    Classname : vb_database

  • #2
    This is a modification to vBulletin "vBPetz" and we can't provide support for this. Just assume that they've hacked you and change all your passwords. And go through all these steps:
    Sticky: How To Make My Forums More Secure


    • #3
      Allrighty i will, i know you cant provide support, but i hoped you guys could give me insight if it was indeed a scripted hacking attempt (by looking at the strings in the error) or if it was something harmless and by accident?



      • #4
        If that's the output: Then I have to guess no.


        • #5
          Thought so, since i havent had a vb database error in months.

          I'll have this checked by the mods of p3tz aswell, thanks for your support!