MyBB Community Forums

Well, I've read the (fake) admin cp logs and the person was inserting this as the password:

Username: Admin
Password: 1'or'1'='1

Username: '
Password: a=a

Username: '
Password: =

Username: admin
Password: 1'or'1'='1

Username: Admin
Password: 1'1

Username: eggplant you
Password: 1'1'

Username: This is a fake admin
Password: CP

Username: Good Luck Admin
Password: and nice forum



Is he trying to sql inject or something?

(2011-04-20, 12:31 AM)Renegader Wrote: [ -> ]Is he trying to sql inject or something?

Yes, and has failed badly. No variable, no double dash.

He tried, lol.

And this plugin doesn't connect to mysql, so nothing will ever work anyway. The plugin is proving its worth.

(2011-04-20, 12:50 AM)Solidus Wrote: [ -> ]And this plugin doesn't connect to mysql, so nothing will ever work anyway. The plugin is proving its worth.

Which plugin are we referring to?

Yeah, it's actually pretty useful.

Does it the log the IP too? Check it against registered users and ban them.

Yeah, it's under the password but I didn't want to post it here.

No user found for that IP!
Haha, I think he knows I can read it, look:

Username: ~snip~ you
Password: 1'1'

Username: This is a fake admin
Password: CP

Username: Good Luck Admin
Password: and nice forum

Haha.

Are they from the same IP? Someone from here could've done it.