[wp-hackers] Wordpress database encryption.
jackie sparks
jackie.craig.sparks at live.com
Sun Nov 27 06:11:51 UTC 2011
Only kids want to use SQL injections to be destructive. The pros use them to gain passwords for access, also to deface sites.(alot of people use the same passswords for everything. So if they gain the email address, a user name and password. Then they can go google dorking / phishing for more accounts with different services that the person uses and gain access to those services. A properly formed injection can pull data from other tables and display it places the original data was supposed to appear.
So a photo album plugin they might decide to place usernames and passwords inside the places where the photo links will appear them.
I'm in no way a pro at sql injections.
--[Witty Signature Goes Below]---------------------------------------------------------------------------------------------------------------------
--[....]------
http://www.linkedin.com/profile/view?id=53668912&trk=tab_pro - linked in profile
http://www.facebook.com/skrapsrwt - feel free to add me on facebook.
http://www.ipetitions.com/petition/foodstamps/
http://www.ipetitions.com/petition/nodeaddawgs/
http://www.ipetitions.com/petition/mcdlunch/
http://www.causes.com/causes/633686-no-dead-dawgs
http://www.phonesnake.com - looking for support by sharing and liking our page and also sponsors to help with the project.
http://www.communicationslibrary.info - taking the knowlege outside the classroom so anyone can be a technician
http://chunkhost.com/r/getachunk - Support my VPS host sign up now
http://www.facebook.com/profile.php?ref=profile&id=100000140654932
https://www.scriptlance.com/cgi-bin/freelancers/feedback.cgi?p=rwtskraps
http://twitter.com/#!/skraps_foo
http://twitter.com/#!/phonesnake
http://skraps.pastebin.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=
This e-mail (including attachments) is covered by the Electronic
Communications Privacy Act, 18 U.S.C. Sections 2510-2521, is
confidential, and is intended solely for the use of the individuals or
entities to whom it is addressed. If you are not the intended
recipient or the person responsible for delivering the e-mail to the
intended recipient, be advised that you have received this e-mail in
error and that any use, dissemination, forwarding, printing, or
copying of this e-mail and any file attachments is strictly
prohibited. If you have received this e-mail in error, please
immediately notify me by email at jackie.craig.sparks at live.com. You must destroy
the original transmission and its contents.
> From: mikeschinkel at newclarity.net
> Date: Sun, 27 Nov 2011 01:02:00 -0500
> To: wp-hackers at lists.automattic.com
> Subject: Re: [wp-hackers] Wordpress database encryption.
>
> On Nov 27, 2011, at 12:37 AM, jackie sparks wrote:
> > Miscoded and rouge plugins, I'm talking about plugins that allow SQL injections. Not plugins that actually look like they have bad intent.
>
> I'm confused. Isn't SQL injection mostly destructive, and not for accessing information? Doesn't matter if a table's data is encrypted dropping a table still drops a table.
>
> Of course I don't consider myself a security expert so maybe I'm wrong about this and it is reasonable to use SQL injection to access data?
>
> > --[Witty Signature Goes Below]-- ...
>
> Also, what's with all those links in your email?
>
> -Mike
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
More information about the wp-hackers
mailing list