XSS

Today I visited the blog of a colleague who discovered some holes in a website's script…
I want to let him know that as long as he has no access to the DB, it is not a security issue. I checked a few of the links myself, but I did not manage to gain access to the DB. The only thing the poor programmer forgot to do was an htmlentities();

Did you recently encounter the “Error 1251: Client does not support authentication protocol requested by server; consider upgrading MySQL client” error?
This is a common issue with MySQL server 4.1 and higher. Starting with version 4.1, MySQL changed the authentication algorithm to one with better password hashing. Older clients still try to connect using the old authentication algorithm, and this is the source of the error.
However, MySQL offers the OLD_PASSWORD function for backward compatibility. It stores the account's password in the pre-4.1 hash format, so older clients can authenticate, at the cost of the weaker hashing for that account.

These are the steps:
1. Start mysql from the console:

cd c:\program files\mysql\mysql server 4.1\bin
mysql

Optionally, if you changed the root password, you should use

cd c:\program files\mysql\mysql server 4.1\bin
mysql -u root -p

2. After connecting, run the following statement:

SET PASSWORD FOR root@localhost = OLD_PASSWORD('old_password_here');

That’s it! Now all new and old clients will work.
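
To check which accounts are left on the old hash format after this change, look at the length of the stored hash. This is an added example, not part of the original post; it assumes the mysql.user grant table with a Password column (MySQL 4.1 to 5.6), and new_password_here is a placeholder.

```sql
-- Added example: classify each account by the format of its stored hash.
-- Assumption: grant table mysql.user with a Password column (MySQL 4.1 to 5.6).
-- A pre-4.1 hash is 16 hex characters; a 4.1+ hash is '*' plus 40 hex characters.
SELECT User,
       Host,
       CASE
         WHEN Password = ''                 THEN 'no password set'
         WHEN LENGTH(Password) = 16         THEN 'pre-4.1 hash (old format)'
         WHEN LENGTH(Password) = 41
              AND LEFT(Password, 1) = '*'   THEN '4.1+ hash'
         ELSE 'unrecognised format'
       END AS hash_format
FROM mysql.user
ORDER BY hash_format, User, Host;

-- Shows whether the server itself generates old-format hashes by default.
-- If this is ON, PASSWORD() also produces the 16-character hash.
SHOW VARIABLES LIKE 'old_passwords';

-- Once the client library has been upgraded, move the account back to the
-- 4.1+ hash (run with old_passwords OFF, otherwise the old format is kept).
SET PASSWORD FOR root@localhost = PASSWORD('new_password_here');
```

Any row reported as 'pre-4.1 hash (old format)' is an account that was set with OLD_PASSWORD, as root@localhost is after step 2.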