If you're afraid of trying these tricks, I can give you an admin session link so you can log in to my site the way these wannabe hackers do on yours, and we can test it there... PM me and we can set it up.
/**
 * Sketch of an audit hook: before a DELETE or UPDATE statement runs, try to
 * SELECT the rows it would touch and store a serialized, base64-encoded copy
 * in the xoops_vcs table.
 *
 * NOTE(review): $sql, $xoopsDB and $vcsid are used below but are neither
 * parameters nor declared with `global` in the lines shown, so inside this
 * function they would be undefined unless something outside this excerpt
 * provides them. The function's closing brace is also not part of the excerpt.
 *
 * NOTE(review): ereg()/eregi() were deprecated in PHP 5.3 and removed in
 * PHP 7.0; preg_match() is the replacement.
 */
function vcsinsert() {
// ereg() is case-sensitive, so a lower-case "delete from" is not matched here.
if (ereg("DELETE FROM", $sql)) { //Is it a DELETE query?
// str_replace() rewrites every literal "DELETE" in the statement, including
// any occurrence inside a quoted value, not only the leading keyword.
$sqlvcs_sel = str_replace("DELETE", "SELECT *", $sql);
// NOTE(review): this re-executes text derived from the audited statement; if
// $sql can carry untrusted input, the derived SELECT carries it too.
$result = $xoopsDB->query($sqlvcs_sel);
// NOTE(review): serialize() is applied to whatever query() returns. If that is
// a result handle rather than fetched rows, no row data is stored - confirm
// against the XOOPS database class and fetch the rows first if so.
$vcsdata= base64_encode(serialize($result));
// The acute accents (´) around the table name and values are not SQL quoting
// characters; presumably backticks and single quotes were intended.
// $vcsid is concatenated into the statement unescaped, so it needs escaping or
// a bound parameter. 'somedate' is a literal placeholder, not a real timestamp.
$vcsinsert= "INSERT INTO ´xoops_vcs´ (`vcs_id`,`vcs_content`,`vcsdate`) VALUES (´".$vcsid."´, ´".$vcsdata."´, ´somedate´)";
$xoopsDB->query($vcsinsert);
}
// NOTE(review): outside a bracket expression, [:print:] is an ordinary
// character set, not the printable-character class, which is written
// [[:print:]].
elseif (eregi("UPDATE [:print:]* SET", $sql)) { //Is it an UPDATE query?
// str_replace() matches literal text, not a pattern, so this only removes the
// exact string "SET [:print:]* WHERE". $sv_sel is never read afterwards.
$sv_sel = str_replace("SET [:print:]* WHERE", "", $sql);
// Built from the original $sql, so the SET clause is still present and the
// result has the form "SELECT * FROM <table> SET ... WHERE ...".
$sqlvcs_sel = str_replace("UPDATE", "SELECT * FROM", $sql);
$result = $xoopsDB->query($sqlvcs_sel);
// Same caveat as the DELETE branch about what serialize() actually captures.
$vcsdata= base64_encode(serialize($result));
// Same quoting and escaping caveats as the INSERT in the DELETE branch.
$vcsinsert= "INSERT INTO ´xoops_vcs´ (`vcs_id`,`vcs_content`,`vcsdate`) VALUES (´".$vcsid."´, ´".$vcsdata."´, ´somedate´)";
$xoopsDB->query($vcsinsert);
}
// Any statement that matched neither test above (for example a SELECT or an
// INSERT) ends up here and prints the error text to the output.
else {echo "The VCS has found an error and borked like totally";}