Hi everybody,
I found an error-based sql injection in my webserver.My database doesn't contain any private info.
I want to know if its possible to own my server just by using the info in information_shema.
Please tell me because i want to know if i have to fix it.I don't want to get hacked!
I can provide additional info if you need it.

I'm not sure about taking control of your server from an SQL injection attack but you can easily lose your database. I can't remember the exact SQL code but I have seen scripts that can ascertain table names from the system tables. If you allow SQL injection attacks hackers can bypass your logins, pull out all the data, make all your data disappear, etc.

Ok thanks,
I'm now fixing it

Be a part of the DaniWeb community

We're a friendly, industry-focused community of 1.18 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.