SQL Injection Vulnerability!

Raven writes "Sites are being exposed even as I write this! This is still in 7.0 and 7.1. Check your modules/Reviews/index.php file for the following code. There should be 2 instances.
WHERE id=$id
If you have it, then you MUST modify it to
WHERE id='$id' .
Otherwise your admin passwords can be exposed. They are still encrypted, but depending on how serious someone was to get them, they might! Please note that Chatserv's Patches have this fix in them.
Admin Note: An advisory to those using Nuke Cops PHP-Nuke Bundle, this has been fixed in 2003 already. "

Posted on Sunday, February 08 @ 14:38:08 CET by sting
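
The change described in the post moves `$id` inside a quoted string. As an added example (not code from PHP-Nuke, the post, or the patches it mentions), here is a stricter way to handle a numeric id: validate it as an integer, then bind it as a query parameter. It assumes PDO with the SQLite driver; the `reviews` table, its columns, and the functions `parse_review_id` and `fetch_review` are hypothetical names constructed for the illustration.

```php
<?php
// Added example, not PHP-Nuke code. Table, columns and function names are constructed.
declare(strict_types=1);

/**
 * Accept only a positive decimal integer. Anything else (trailing text,
 * quotes, empty string) yields null and never reaches the SQL layer.
 */
function parse_review_id(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/**
 * Look up one review. The id is validated first and then bound as an
 * integer parameter, so the SQL text itself never contains user input.
 */
function fetch_review(PDO $db, string $rawId): ?array
{
    $id = parse_review_id($rawId);
    if ($id === null) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, title FROM reviews WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reviews (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO reviews (id, title) VALUES (1, 'First review'), (2, 'Second review')");

// Constructed inputs: one valid id, then values that are not plain integers.
foreach (['2', '2 OR 1=1', "2'", ''] as $input) {
    $row = fetch_review($db, $input);
    $result = $row !== null ? $row['title'] : 'rejected or not found';
    printf("%-12s => %s\n", var_export($input, true), $result);
}
```

Only the first input returns a row; the others are rejected by the integer check before any query is prepared.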

Re: SQL Injection Vulnerability! (Score: 1) by Ronin on Sunday, February 08 @ 17:27:08 CET
Any comments on how Nuke6.5 users (which I assume are still the greatest majority) should deal with the 15 occurrences of "id=$id" in this file?
Cheers,
Ronin

Re: SQL Injection Vulnerability! (Score: 1) by Raven (http://ravenphpscripts.com) on Sunday, February 08 @ 17:38:50 CET
I actually submitted this to Nuke Cops last Wednesday! In the meantime, Chat and I have both posted suggested work-arounds/fixes. See my site [ravenphpscripts.com] for the news items and forum discussions.