SQL Injection Attacks

  • Proposals 1
  • Remote
  • #1198
  • Expired

Description

Experience Level: Expert
Modify current shopping cart script @ www.have.co.uk (very simple cart)

Fix existing code to prevent a MySQL injection attack

Identify situations where a MySQL injection attack may allow unauthorized persons to penetrate our existing MySQL cart.

Overview:

An unauthorized person is hacking into the MySQL database and adding JavaScript to the product descriptions.

So far I've established:

1. They know the password/database name

2. They add code to product descriptions and view some registered customer details

They don't appear to have full control, for example to change/delete database tables or add code to product prices, product titles, etc.

No static pages have been hacked.

I've encrypted the scripts with zen and changed passwords; it didn't make any difference.

I've not tried a different host.

**BIDDER MUST HAVE EXPERIENCE IN MYSQL INJECTION VULNERABILITIES
