Board: Altcoin Discussion
Topic: Re: OpenEx to be shut down[Hacked]
by g4c on 21/03/2014, 18:27:19 UTC
Wasn't the code just the UI, not the trade engine?

The injection query was entered in the UI form. A form is a form.

The problem happened because the backend PHP code just took that malicious query and ran it.

The database code was written unsafely, the door was left wide open. I'm surprised it didn't get taken sooner.

It should have been coded using PDO prepared statements.

If they used old school straight SQL queries then I would think that many other doors and windows were open. I'll bet the sessions weren't safe from fixation etc.

Live and learn.

Yes and in a way it was a relatively cheap lesson, this dev WILL produce a harder system next time.

My condolences to the dev. Don't be dissuaded, come back harder, what you've learned is worth more than your loss.

And my hat off to you for trying to make all accounts as whole as possible. A true gentleman!
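
The contrast the post draws between a "straight" SQL query and a PDO prepared statement, as an added example that is not part of the original post and is not OpenEx code. The `users` table, its rows, the function names and the form input are constructed for illustration, and an in-memory SQLite database is assumed so the script runs offline.

```php
<?php
// Constructed demo data: an in-memory table standing in for an account table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, balance REAL)');
$pdo->exec("INSERT INTO users (username, balance) VALUES ('alice', 1.5), ('bob', 20.0)");

// Constructed form input: the quote character ends the string literal early,
// so the remainder is interpreted as SQL when it is concatenated into a query.
$input = "nobody' OR '1'='1";

// Unsafe pattern: the form value becomes part of the SQL text itself.
function findUnsafe(PDO $pdo, string $username): array
{
    $sql = "SELECT username, balance FROM users WHERE username = '$username'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the SQL text is fixed at prepare time and the form
// value is bound as data, so it is only ever compared against the column.
function findSafe(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT username, balance FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The concatenated query matches every row; the prepared one matches none,
// because no user is literally named "nobody' OR '1'='1".
printf("concatenated query rows: %d\n", count(findUnsafe($pdo, $input)));
printf("prepared query rows:     %d\n", count(findSafe($pdo, $input)));
printf("prepared, real user:     %d\n", count(findSafe($pdo, 'alice')));
```

Binding covers values only; table or column names taken from user input still need an allow-list, since placeholders cannot stand in for identifiers.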