
-----------------------------------
xblade89
Fri Sep 29, 2006 12:07 pm

I have a script error...
-----------------------------------
I'm making this script to test vulnerability to a game I play

this is the script




I get this message when I run it:

100000000000); Mysql_query("Select Xblade89 from Users"); Update database(Xblade89++ x 10000); } Else(DIE BITCH){ Session_Destroy; } ?> 

can you guys help?

-----------------------------------
xblade89
Fri Sep 29, 2006 5:14 pm

No one?
-----------------------------------
C'mon guys, I really need help with this

-----------------------------------
octopi
Fri Sep 29, 2006 5:32 pm


-----------------------------------
Hello, where did you get this from? Did you make it?
Most of the code doesn't even make sense.

First off, you don't use quotes around any of your strings.
Secondly, you try to make an SQL query, but haven't opened a connection to an SQL server yet. Also, your SQL string isn't valid either.

The majority of this doesn't even look like PHP code.

There isn't really much I can do to help you, as none of it makes sense. Maybe if you try to explain what you're trying to do?

-----------------------------------
Cervantes
Fri Sep 29, 2006 5:37 pm


-----------------------------------
Is this just an elaborate way to advertise your site?

-----------------------------------
xblade89
Fri Sep 29, 2006 5:47 pm

Hey
-----------------------------------
And no, it's not...

Basically what I am trying to do is connect to the database of url:www.bootleggers.us to test out its vulnerability...

I want to be able to search a user from the database who has an amount of "CASH" higher than 1 trillion, and when found it is updated to another user... so basically "tycoo" has over 1 trill, and I want to be able to update the database making "xblade89"'s cash x10000 using tycoo's wealth... if that makes sense...

-----------------------------------
octopi
Fri Sep 29, 2006 5:53 pm


-----------------------------------
Do you own bootleggers.us?

Do you have a mysql database?

-----------------------------------
xblade89
Fri Sep 29, 2006 5:56 pm


-----------------------------------
That's another thing I'm testing, if it's possible to get into it...

I don't own it, it's owned by a friend, and he told me to get in... that's it...

-----------------------------------
octopi
Fri Sep 29, 2006 5:57 pm


-----------------------------------
Alright, well, unless you own the site and have the required passwords to get in, you can't do what you want.

Have your friend give you the following information. If he's stupid enough to give you this information, then you can mess with his site.

mysql server address
mysql username
mysql password
and mysql database name.

Without that information you can't do anything.

-----------------------------------
xblade89
Fri Sep 29, 2006 5:58 pm


-----------------------------------
Well, his server has been intruded before, and he changed it all, which is why he wants me to figure out how... Is there any way at all to find out the info?

-----------------------------------
octopi
Fri Sep 29, 2006 5:59 pm


-----------------------------------
Usually the MySQL server is not the same as the web server.

No, unless you have that information you cannot break into his site.

-----------------------------------
xblade89
Fri Sep 29, 2006 6:00 pm


-----------------------------------
But is the username/password part bypassable?... If I get the server address... is it possible to still access it?

-----------------------------------
octopi
Fri Sep 29, 2006 6:04 pm


-----------------------------------
No, that's the whole idea of a username and password, to keep people out.

Secondly, trying to bypass such security measures could be considered a crime (especially if your friend's website is hosted by a company), in which case it wouldn't be wise to do such things, as you could land yourself in trouble.

Also, I will not help you attempt to break into another person's machine.
If your friend is scared about security flaws on his server, he should perhaps contact his web hosting company and ask them if there are any flaws.

-----------------------------------
md
Fri Sep 29, 2006 11:49 pm


-----------------------------------
Usually people run their SQL servers locally only; that way they cannot be connected to at all from remote machines.

If you're really looking for vulnerabilities I'd suggest looking into SQL injection attacks and looking over his site for possible places to test it. 'Course it's probably illegal to do any of this (depending where you are), and even if it's not I doubt you'll get any help from here.

-----------------------------------
War_Caymore
Mon Oct 02, 2006 12:08 pm


-----------------------------------
Can I post a good idea to bypass a pass and username? Or will that get me into trouble?

-----------------------------------
octopi
Mon Oct 02, 2006 7:02 pm


-----------------------------------
Go for it.

-----------------------------------
CyberGeek
Mon Oct 02, 2006 9:43 pm


-----------------------------------
/me is waiting :wink: :lol:
