SQL injection attack

SQL injection attack

El Forum
Unregistered

06-02-2013, 10:04 AM

[eluser]frederico[/eluser]
Hi,

I am running codeigniter 2.1.0. Yesterday i found all the passwords in my users table changed to a similar one but they were encrypted.

I suspect an sql injection on the forgot password form. I am using active record which i thought would take care of SQL injections. My query uses:
this->db->where() and this->db->update

It selects where the email address is equal to the entered then updates with a new password and emails it to the email address.

Messages In This Thread

SQL injection attack - by El Forum - 06-02-2013, 10:04 AM

SQL injection attack - by El Forum - 06-02-2013, 10:03 PM

SQL injection attack - by El Forum - 06-03-2013, 02:31 AM

SQL injection attack - by El Forum - 06-03-2013, 02:32 AM

SQL injection attack - by El Forum - 06-03-2013, 06:18 AM

SQL injection attack - by El Forum - 06-03-2013, 06:33 AM

SQL injection attack - by El Forum - 06-03-2013, 07:43 AM

SQL injection attack - by El Forum - 06-03-2013, 07:54 AM

SQL injection attack - by El Forum - 06-04-2013, 05:33 AM

SQL injection attack - by El Forum - 06-05-2013, 08:30 PM

SQL injection attack - by El Forum - 06-08-2013, 04:46 PM

SQL injection attack - by El Forum - 08-22-2013, 06:41 AM

SQL injection attack - by El Forum - 08-22-2013, 07:45 AM

SQL injection attack - by El Forum - 08-23-2013, 03:39 AM

SQL injection attack - by El Forum - 08-23-2013, 06:51 AM

SQL injection attack - by El Forum - 08-23-2013, 06:55 AM

SQL injection attack - by El Forum - 08-23-2013, 08:17 AM

SQL injection attack - by El Forum - 08-25-2013, 03:29 AM

SQL injection attack - by El Forum - 08-27-2013, 01:37 AM