
advanced guest book 2.2


ghost's Avatar
0 0

Alright, I am familiar with the SQL injection that goes with advanced guest book. My question is, what if it has already been hacked/defaced by another? Like, say the administrator's page has been messed up so there is no logon there. Could you go into the URL and add something like:

admin.php?username=(sql injection) to make it work and be able to remove everything that was messed up?

How do those people manage to get rid of the logon and everything in admin.php?

Sorry if these are really dumb questions, just trying to learn about it.


ghost's Avatar
0 0

hungryhobo14 wrote: Alright, I am familiar with the SQL injection that goes with advanced guest book. My question is, what if it has already been hacked/defaced by another? Like, say the administrator's page has been messed up so there is no logon there. Could you go into the URL and add something like:

admin.php?username=(sql injection) to make it work and be able to remove everything that was messed up?

Well, if that thing isn't working username=(sql), maybe the headers aren't called 'username'. And also, your questions are kinda dumb because I don't know what you are actually asking.

How the hell did that site get messed up, and have you tried the SQL injection? And why do you want to remove what is messed up (maybe you want to hack it again)? Why why why…


ghost's Avatar
0 0

Sorry, I didn't mean to be confusing.

The guestbook was hacked, and I want to try and undo what the other hacker did. But if the hacker disabled or messed up the admin logon page, I was curious as to how to get back to it. Would doing an SQL inject in the URL work like that?

Also, 2nd part.

How does a hacker actually go and cause that much damage to the guest book?


ghost's Avatar
0 0

Can you PM me with the link? Don't worry. I won't HACK it. I will just try some things.

It is not easy to answer your questions if you don't know how it is structured.

If you wanna pm me, pm me.


Ayr4's Avatar
Member
0 0

I would also be interested in that. Can you PM me the link too? (and no, I won't HACK it either :whoa: )


ghost's Avatar
0 0

Ayr4 wrote: I would also be interested in that. Can you PM me the link too? (and no, I won't HACK it either :whoa: )

hey. wait your turn :p


ghost's Avatar
0 0

View the source to get the username and password's "name" values, then make your own form using HTML and enter `' OR 1=1/*` as the username without the `s, no password. And someone could completely mess with the guestbook by editing a comment and putting HTML in them :)

hope that helps
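
Why the string quoted in the post above gets past a login check, and the fix, as an added example that is not part of the original thread and not Advanced Guestbook's own code. The `auth` table, its columns and the credentials are constructed assumptions (the real schema is not on the page), and SQLite stands in for the guestbook's database.

```python
import sqlite3

PAYLOAD = "' OR 1=1/*"  # the username string quoted in the post above

def make_db():
    # Constructed stand-in for the admin table; the real schema is not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auth (username TEXT, password TEXT)")
    db.execute("INSERT INTO auth VALUES ('admin', 'constructed-secret')")
    return db

def build_concatenated_sql(username, password):
    # Vulnerable pattern: form values become part of the SQL text itself.
    return ("SELECT username FROM auth WHERE username = '" + username +
            "' AND password = '" + password + "'")

def login_concatenated(db, username, password):
    return db.execute(build_concatenated_sql(username, password)).fetchone() is not None

def login_parameterized(db, username, password):
    # Hardened pattern: values are bound as data and never parsed as SQL.
    sql = "SELECT username FROM auth WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    # The quote closes the string literal, OR 1=1 matches every row, and /*
    # comments out the password check that follows.
    print(build_concatenated_sql(PAYLOAD, ""))
    print("concatenated, payload: ", login_concatenated(db, PAYLOAD, ""))
    print("parameterized, payload:", login_parameterized(db, PAYLOAD, ""))
    print("parameterized, real credentials:",
          login_parameterized(db, "admin", "constructed-secret"))
```

With bound parameters the same string is compared as a literal username, matches no row, and the login fails.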


ghost's Avatar
0 0

mr noob wrote: View the source to get the username and password's "name" values, then make your own form using HTML and enter `' OR 1=1/*` as the username without the `s, no password. And someone could completely mess with the guestbook by editing a comment and putting HTML in them :)

hope that helps

nah. I saw the site. Those bitches deleted everything.


Ayr4's Avatar
Member
0 0

The /img/ dir is still there at least :whoa:


ghost's Avatar
0 0

so what you think so far?

how would they delete all that?


Ayr4's Avatar
Member
0 0

Well… since you can access almost everything it ain't that hard… I'm working on it now


ghost's Avatar
0 0

Ayr4 wrote: I would also be interested in that. Can you PM me the link too? (and no, I won't HACK it either :whoa: )

Trust me, he won't, cause he CAN'T! :D


Ayr4's Avatar
Member
0 0

Indeed HackingFjomp, maybe you can show us how to do it? :whoa:


ghost's Avatar
0 0

don't have the link..

and hungryhobo14, did you host the Guestbook?…

if yes, why don't you just fix it yourself :angry:


Ayr4's Avatar
Member
0 0

Fine, sent link to HackingFjomp. Now… show us your magic… Fjompe skillz! Ah, his mailbox is full.. how Fj33t


ghost's Avatar
0 0

my nick doesn't say "HackingFjomp"

Read Between the lines fucker..


Ayr4's Avatar
Member
0 0

Calm down babyborn, of course I know your nick isn't HackingForce :whoa:


ghost's Avatar
0 0

guess that guestbook is hardcore fucked by Ayr4, so, don't ask me ;)


Ayr4's Avatar
Member
0 0

Lol, how can you fuck a website? :whoa:


ghost's Avatar
0 0

Nah, it's not mine. I just wanted to try and fix it hah.

It looks like they used remote PHP inclusion? (Is that what it's called?) So they brought in the script and it messed it up.

Could one just make another script to replace it and include it?


ghost's Avatar
0 0

Ayr4 wrote: Lol, how can you fuck a website? :whoa:

  1. Take out your injection
  2. Stick your injection in the form
  3. Pull your injection back out of the form
  4. Repeat steps 2-3 till process is complete :)

ghost's Avatar
0 0

DigitalFire wrote: Ayr4 wrote: Lol, how can you fuck a website? :whoa:

  1. Take out your injection
  2. Stick your injection in the form
  3. Pull your injection back out of the form
  4. Repeat steps 2-3 till process is complete :)

omg, ROfl :angry::D


ghost's Avatar
0 0

:) sry bout that


Ayr4's Avatar
Member
0 0

LOL:whoa: