How did they do this?!?

I have a phpLD directory set up on one of my domains, and I installed a script that approves pending links every 24 hours using cron jobs. Recently, I decided to see how many listings were in my directory, and there's around 20k different listings. At fist, I wrote it off as spam, and didn't really care, but when I actually went in to see some of the links, I noticed that most of the links were "featured listings"...

How did someone submit almost 20k links directly into the featured listings/categories. Some of the listings don't even have URLs, and that's a required field!

I assume that this is a sql hack or something, but I'm not 100% sure.

The only reason why I want to figure out how this was done is so I can do the same thing to other phpLD sites. Someone please help me answer this so I can exploit the hell out of it.

If you know when it happened and you have access to the server logs you might be able to figure it out from that. I'd say chances are pretty good that its a SQL injection hack of some sort.

rakka said:

If you know when it happened and you have access to the server logs you might be able to figure it out from that. I'd say chances are pretty good that its a SQL injection hack of some sort.

Click to expand...

I wish I knew. I was retarded setting up those cron jobs for every 24 hours. The site has been on autopilot for like 2+ years. I can probably look in mysql to see if they were date stamped and go from there. That's a great idea.