Author |
Message |
xblade89
|
Posted: Fri Sep 29, 2006 12:07 pm Post subject: I have a script error... |
|
|
I'm making this script to test vulnerability to a game I play
this is the script
code: | <?PHP
/////////// By pass to blootleggers
Session_Start(www.bootleggers.us);
Mysql_query("Select * from URL www.bootleggers.us Under table Users")
////Watch and learn SOn!
////////Money Part
$Xblade89=Xblade89;
$TycooV5=TycooV5;
Mysql_query("Select TycooV5 From Users where username="Username"");
if($TycooV5 "MONEY" > 100000000000);
Mysql_query("Select Xblade89 from Users");
Update database(Xblade89++ x 10000);
}
Else(DIE BITCH){
Session_Destroy();
}
?> |
I get this message when I run it:
code: | 100000000000); Mysql_query("Select Xblade89 from Users"); Update database(Xblade89++ x 10000); } Else(DIE BITCH){ Session_Destroy; } ?> |
can you guys help? |
|
|
|
|
|
xblade89
|
Posted: Fri Sep 29, 2006 5:14 pm Post subject: no one? |
|
|
C'mon guys, I really need help with this |
|
|
|
|
|
octopi
|
Posted: Fri Sep 29, 2006 5:32 pm Post subject: (No subject) |
|
|
Hello, where did you get this from? Did you make it?
Most of the code doesn't even make sense.
First off, you don't use quotes around any of your strings.
Secondly, you try to make a SQL query, but haven't opened a connection to a SQL server yet. Also, your SQL string isn't valid either.
The majority of this doesn't even look like PHP code.
There isn't really much I can do to help you, as none of it makes sense. Maybe if you try to explain what you're trying to do? |
|
|
|
|
|
Cervantes
|
Posted: Fri Sep 29, 2006 5:37 pm Post subject: (No subject) |
|
|
Is this just an elaborate way to advertise your site? |
|
|
|
|
|
xblade89
|
Posted: Fri Sep 29, 2006 5:47 pm Post subject: Hey |
|
|
and no, it's not...
basically what I am trying to do is connect to the database of url:www.bootleggers.us to test out its vulnerability...
I want to be able to search a user from the database who has an amount of "CASH" higher than 1 trillion, and when found it is updated to another user... so basically "tycoo" has over 1 trill, and I want to be able to update the database making "xblade89"'s cash x10000 using tycoo's wealth... if that makes sense... |
|
|
|
|
|
octopi
|
Posted: Fri Sep 29, 2006 5:53 pm Post subject: (No subject) |
|
|
Do you own bootleggers.us?
Do you have a mysql database? |
|
|
|
|
|
xblade89
|
Posted: Fri Sep 29, 2006 5:56 pm Post subject: (No subject) |
|
|
that's another thing I'm testing, if it's possible to get into it...
I don't own it, it's owned by a friend, and he told me to get in... that's it... |
|
|
|
|
|
octopi
|
Posted: Fri Sep 29, 2006 5:57 pm Post subject: (No subject) |
|
|
Alright, well, unless you own the site and have the required passwords to get in, you can't do what you want.
Have your friend give you the following information; if he's stupid enough to give you this information, then you can mess with his site.
mysql server address
mysql username
mysql password
and mysql database name.
Without that information you can't do anything. |
|
|
|
|
|
xblade89
|
Posted: Fri Sep 29, 2006 5:58 pm Post subject: (No subject) |
|
|
well, his server has been intruded before, and he changed it all, which is why he wants me to figure out how... is there any way at all to find out the info? |
|
|
|
|
|
octopi
|
Posted: Fri Sep 29, 2006 5:59 pm Post subject: (No subject) |
|
|
Usually the MySQL server is not the same as the web server.
No, unless you have that information you cannot break into his site. |
|
|
|
|
|
xblade89
|
Posted: Fri Sep 29, 2006 6:00 pm Post subject: (No subject) |
|
|
but is the username/password part bypassable?... if I get the server address... is it possible to still access it? |
|
|
|
|
|
octopi
|
Posted: Fri Sep 29, 2006 6:04 pm Post subject: (No subject) |
|
|
No, that's the whole idea of a username and password, to keep people out.
Secondly, trying to bypass such security measures could be considered a crime (especially if your friend's website is hosted by a company), in which case it wouldn't be wise to do such things, as you could land yourself in trouble.
Also, I will not help you attempt to break into another person's machine.
If your friend is scared about security flaws on his server, he should perhaps contact his web hosting company and ask them if there are any flaws. |
|
|
|
|
|
md
|
Posted: Fri Sep 29, 2006 11:49 pm Post subject: (No subject) |
|
|
Usually people run their SQL servers locally only; that way they cannot be connected to at all from remote machines.
If you're really looking for vulnerabilities, I'd suggest looking into SQL injection attacks and looking over his site for possible places to test it. 'Course it's probably illegal to do any of this (depending where you are), and even if it's not I doubt you'll get any help from here. |
|
|
|
|
|
War_Caymore
|
Posted: Mon Oct 02, 2006 12:08 pm Post subject: (No subject) |
|
|
Can I post a good idea to bypass a pass and username? Or will that get me into trouble? |
|
|
|
|
|
octopi
|
Posted: Mon Oct 02, 2006 7:02 pm Post subject: (No subject) |
|
|
Go for it. |
|
|
|
|
|
|