Icy Phoenix

     
 


058-015 - Admin Hacks List SQL Injection
 
Hi All,
the admin hacks list could have a potential issue:

http://milw0rm.com/exploits/2851

I didn't try the exploit, but after looking at the code, I would fix it in this way:

OPEN adm/admin_hacks_list.php

FIND
Code:
if (count($_POST))


BEFORE ADD
Code:
$hack_id = intval($hack_id);


You should apply this patch as soon as possible.
 




____________
Luca
SEARCH is the quickest way to get support.
Icy Phoenix ColorizeIt - CustomIcy - HON
 
Mighty Gorgon
Thanks for the useful Topic Mighty Gorgon:
m740 (29 November), nickjack (29 November), Zuker (29 November), buldo (29 November), ThE KuKa (29 November), brandsrus (29 November), TheSteffen (01 December) 
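
What the intval() cast in the patch above does to a request value before it is placed in a query, shown as an added example (not Icy Phoenix code and not part of the original post). The table name hacks_list, the helper functions and the sample inputs are constructed for illustration; hack_id_strict() is an alternative that rejects bad input instead of coercing it.

```php
<?php
// Added illustration, not Icy Phoenix code.
// Table/column names and all sample inputs below are constructed.

// Coercion, as in the patch: the value always ends up an integer.
function hack_id_coerced($raw): int
{
    return intval($raw);
}

// Stricter alternative (assumption, not in the patch): accept only a
// clean positive decimal integer and reject everything else.
function hack_id_strict($raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null; // arrays such as hack_id[]=1, objects, etc.
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Taking an int parameter means only a validated number can be concatenated.
function select_hack_sql(int $id): string
{
    return 'SELECT * FROM hacks_list WHERE hack_id = ' . $id;
}

// Constructed request values: clean id, id with trailing SQL, hex text,
// negative number, empty string, array parameter.
$samples = ['12', '12 OR 1=1', '0x1A', '-3', '', ['1']];

foreach ($samples as $raw) {
    $coerced = hack_id_coerced($raw);
    $strict  = hack_id_strict($raw);
    printf(
        "%-12s coerced: %-48s strict: %s\n",
        json_encode($raw),
        select_hack_sql($coerced),
        $strict === null ? 'rejected' : select_hack_sql($strict)
    );
}
```

The cast keeps the query well-formed for every input, but it silently turns malformed values into a truncated number, 0 or 1; the strict variant lets the page refuse such a request instead.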

Re: 058-015 - Admin Hacks List SQL Injection
 
Thanks MG, patched on my site
 




____________
Zuker - EDDB - LPM - Sharefields
 
Zuker

Re: 058-015 - Admin Hacks List SQL Injection
 
Thanks MG
 



 
moreteavicar

Re: 058-015 - Admin Hacks List SQL Injection
 
done
 




____________
Daniele Caporrella
www.pionierilanciano.org/forum
 
Skorpion

Re: 058-015 - Admin Hacks List SQL Injection
 
I have tested the bug but it doesn't work on XS.

However, thank you for the patch!
 




____________
My english isn't perfect!

http://fab120.netsons.org
http://risorsegratis.webarrivo.com
 
fab120

Re: 058-015 - Admin Hacks List SQL Injection
 
Thanks a lot
 



 
TheSteffen