MySQL DB is hackable?

Harsh_Rajput · May 6, 2020, 12:51pm

During some days I had faced some big issues in my app. Some users are increasing their referral joining and bypass the referral code system and I don’t understand what happened.
One user had mailed me and said I can bypass your app’s referral system and then I contact him.
They said my app and database is very easy to hack.
Please Help Me!
I am nothing understand what am I do now?

Soham_Shah · May 6, 2020, 12:58pm

Can you specify what exactly happened like what data was hacked?

Harsh_Rajput · May 6, 2020, 1:37pm

They easily bypass referral system in login screen and add unlimited joining and referral points.

Rogerio_Rios · May 6, 2020, 1:47pm

One form of invasion, but it is not related to MYSQL, but with its code is the invasion by SQL INJECTION.
Review your code. Read about SQL Injection and see if this is the problem.

ShaikhSajidAli · May 6, 2020, 2:56pm

Maybe you set blocks incorrectly means you just inserting and updating in mysql without validation logic

ShaikhSajidAli · May 6, 2020, 3:00pm

99% of chances, user know your table name and inject her own insert update query.
Its good that he doesn’t run drop database or table query so you lost all your data.
You need to write new powerful backend which prevents sql injections.

Harsh_Rajput · May 6, 2020, 3:48pm

This is my login screen blocks

@ShaikhSajidAli Please Correct Me!

Harsh_Rajput · May 6, 2020, 3:51pm

Referral Points and Joining of users. Basically they are increasing their points and referrals.

Harsh_Rajput · May 6, 2020, 4:20pm

@Rogerio_Rios How to fix SQL INJECTION? I am little bit understood about SQL Injection? Now How am i fix this

Taifun · May 6, 2020, 4:24pm

I wrote something about that in chapter “PHP Script” here App Inventor Tutorials and Examples: MySQL | Pura Vida Apps
Taifun

Harsh_Rajput · May 6, 2020, 4:31pm

Thanks @Taifun
But how to prevent in kodular?

Rogerio_Rios · May 6, 2020, 1:59pm

Sorry, I posted on the wrong topic. @Kodular
The right topic is this:

It’s not the Mysql bank.
If your code is not done well they invade. One way is SQL INJECTION (ORACLE, MYSQL, POSTGREE …)

Rogerio_Rios · May 6, 2020, 4:36pm

Friend, the examples of links explain how it happens and what we should and should not do.

https://www.w3schools.com/sql/sql_injection.asp

Harsh_Rajput · May 6, 2020, 6:41pm

@Rogerio_Rios I am still not find any solution. Now what should do I for protection.

ShaikhSajidAli · May 6, 2020, 10:51pm

I already mentioned

Harsh_Rajput · May 7, 2020, 5:33am

I found the problem.
SQL INJECTION is not a problem.
The problem is they are capturing our Http data by using HttpCanary App.
They get every query and all data from the database.

Now How to prevent from this?
Please Help Me

George_Loungos · May 7, 2020, 5:42am

Please don’t tag people to get attention.

Harsh_Rajput · May 7, 2020, 5:43am

I am not get any attention.
I am just want to solution

George_Loungos · May 7, 2020, 5:55am

By tagging people you send a notification to them. Imagine everybody to tag the same users if they have a problem. By tagging kodular you notify 9 people at once. They already see your topic. If they want to answer they will, no need to tag them.

Harsh_Rajput · May 7, 2020, 5:56am

Ok I am apologize.