Wed, 25 Dec 2024
Total Visits
35430198
Visitors today:
1052
Main Menu
Home
Free Scripts
Forum
Guestbook
Repository
Contact
Our Sponsors
Chi Kien Uong
Geranienstraße 30
71034 Böblingen
Deutschland / Germany
If you are not registered or logged in, you may still use these forums but with limited features.
Show recent topics
Search
Hottest Topics
Member Listing
FAQ
Register
/
Login
Vulnerabilities in png counter.
Forum Index
»
Support Forum
Author
Message
26/04/2009 23:54:15
Subject:
Vulnerabilities in png counter.
cartman-2000
Beginner
Joined: 21/06/2003 06:42:30
Messages: 5
Offline
There are a couple vulnerabilities in png counter that can allow mysql injection or writing of files outside of the page directory.
To fix it change this:
$page = (!isset($HTTP_GET_VARS['page'])) ? "count" : $HTTP_GET_VARS['page']; $digit = (!isset($HTTP_GET_VARS['digit'])) ? "scoreboard" : $HTTP_GET_VARS['digit'];
To this:
$_GET['page'] = str_replace("..","",$_GET['page']); $_GET['page'] = str_replace("/","",$_GET['page']); $_GET['digit'] = str_replace("..","",$_GET['digit']); $_GET['digit'] = str_replace("/","",$_GET['digit']); $page = (!isset($_GET['page'])) ? "count" : $_GET['page']; $digit = (!isset($_GET['digit'])) ? "scoreboard" : $_GET['digit'];
And add above line:
$sql = "SELECT page,count FROM counter WHERE page = '$page'";
This:
$page = mysql_real_escape_string($page);
webmaster of
sc.cartman2000.net
27/04/2009 09:00:00
Subject:
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
I have passed this information on to Chi Kien Uong.
Carbonize
I am not the maker of the Advanced Guestbook
get
Lazarus
Forum Index
»
Support Forum
Go to:
Select a forum
General Discussion
Support Forum
German Forum
Advanced Guestbook Forum
Advanced Guestbook Modifications
Based on the open source
JForum