i was able to hack into one of my own scripts today
lucas
11-11-2002, 03:12 PM
it was an asp page with an access db. i believe this vulnerability can easily be applied to mysql or any other database also though.
the method that i used is called a sql injection attack. some relevant threads:
http://www.sitepointforums.com/showthread.php?s=&threadid=83772
http://www.sitepointforums.com/showthread.php?s=&threadid=60643
it was way too easy, all i put into the login and password boxes was this: ' or 'a'='a
Steven
11-11-2002, 03:41 PM
Lucas,
I think that it would only be fair to clarify a couple of points.
1) This account is not hosted on an Insiderhosting.com server.
2) This deals with a windows script (MS SQL) from the looks of it, not mysql, and this is more for developers and how they should code safely than for ordinary clients.
-Steven
harmonic
11-11-2002, 07:01 PM
http://www.php.net/manual/en/security.database.php
lucas
11-11-2002, 10:24 PM
oh, didn't mean to freak people out. that's why i put it in the scripts forum, i figured everyone that visited this forum was a developer in some shape or form. :cool:
and to further clarify, steve is right, this ASP script is not on insiderhosting.com. insiderhosting runs the linux operating system which supports PHP.
furthermore, this is entirely a developer issue and has absolutely nothing to do with the webhost it resides on.
however, i posted this because it is a potential problem with all databases, no matter what kind. this is just as easily applied to mysql as it is to access, sql server, or the other thousand databases.
anyone that uses a database for user authentication to enter sensitive areas should look into it. ;)
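
Added example, not part of the original thread: the login check discussed above, written once with string concatenation and once with bound parameters, run against the input quoted in the first post. It uses Python's built-in sqlite3 in place of the ASP/Access script (an assumption; the thread does not show that code), and the table, rows and function names are constructed for illustration.

```python
import sqlite3

PAYLOAD = "' or 'a'='a"  # the input quoted in the first post

def make_db():
    """In-memory database with constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext passwords only to keep the example short; store hashes in practice.
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("o'brien", "pw2")])
    return conn

def build_sql(username, password):
    """Vulnerable pattern: user input becomes part of the SQL text."""
    return ("SELECT COUNT(*) FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")

def login_concatenated(conn, username, password):
    # The quote in the input closes the string literal, so the rest of the
    # input is parsed as SQL and the WHERE clause changes meaning.
    return conn.execute(build_sql(username, password)).fetchone()[0] > 0

def login_parameterized(conn, username, password):
    # Placeholders keep the input as data; it is only ever compared as a string.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0

if __name__ == "__main__":
    db = make_db()
    print(build_sql(PAYLOAD, PAYLOAD))
    print("concatenated, payload:  ", login_concatenated(db, PAYLOAD, PAYLOAD))
    print("parameterized, payload: ", login_parameterized(db, PAYLOAD, PAYLOAD))
    print("parameterized, o'brien: ", login_parameterized(db, "o'brien", "pw2"))
    try:
        # A legitimate name containing a quote breaks the concatenated query.
        login_concatenated(db, "o'brien", "pw2")
    except sqlite3.OperationalError as exc:
        print("concatenated, o'brien:   SQL error:", exc)
```

The concatenated query ends up as `WHERE username = '' or 'a'='a' AND password = '' or 'a'='a'`, which is true for every row, so the check passes with no valid credentials. The parameterized version rejects the same input and also accepts legitimate values that contain a quote.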