Site Hacked - Security Assist
I have built a custom cms for a website with DataAssist and other extensions secured with Security Assist. Yesterday, my site was hacked in the following ways:
1. Hacker uploaded images - I assume via backend insert/update forms.
2. Added text - again i assume using insert/update form.
They could have done a lot more damage, but luckily did not.
All forms are password protected via security assist, so I need to understand how/why this happened.
Could someone from support please open a ticket, at which time I can provide urls and access to my site for you to take a quick look.
I was reading another thread here regarding setting up read-only database users for front end pages, but I really would like someone to look at me site and let me know if the see any holes and if this is sql injection: