How did they do this?!?

speakeasy602

Junior Member
Joined
Aug 4, 2009
Messages
126
Reaction score
40
I have a phpLD directory set up on one of my domains, and I installed a script that approves pending links every 24 hours using cron jobs. Recently, I decided to see how many listings were in my directory, and there's around 20k different listings. At fist, I wrote it off as spam, and didn't really care, but when I actually went in to see some of the links, I noticed that most of the links were "featured listings"...

How did someone submit almost 20k links directly into the featured listings/categories. Some of the listings don't even have URLs, and that's a required field!

I assume that this is a sql hack or something, but I'm not 100% sure.

The only reason why I want to figure out how this was done is so I can do the same thing to other phpLD sites. Someone please help me answer this so I can exploit the hell out of it.
 

rakka

Newbie
Joined
Aug 14, 2010
Messages
21
Reaction score
7
If you know when it happened and you have access to the server logs you might be able to figure it out from that. I'd say chances are pretty good that its a SQL injection hack of some sort.
 

speakeasy602

Junior Member
Joined
Aug 4, 2009
Messages
126
Reaction score
40
If you know when it happened and you have access to the server logs you might be able to figure it out from that. I'd say chances are pretty good that its a SQL injection hack of some sort.

I wish I knew. I was retarded setting up those cron jobs for every 24 hours. The site has been on autopilot for like 2+ years. I can probably look in mysql to see if they were date stamped and go from there. That's a great idea.
 
Top