Hi everybody,
I found an error-based sql injection in my webserver.My database doesn't contain any private info.
I want to know if its possible to own my server just by using the info in information_shema.
Please tell me because i want to know if i have to fix it.I don't want to get hacked!
I can provide additional info if you need it.

Recommended Answers

All 2 Replies

I'm not sure about taking control of your server from an SQL injection attack but you can easily lose your database. I can't remember the exact SQL code but I have seen scripts that can ascertain table names from the system tables. If you allow SQL injection attacks hackers can bypass your logins, pull out all the data, make all your data disappear, etc.

Ok thanks,
I'm now fixing it

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.