
Icy Phoenix


Old Patches - 058-015 - Admin Hacks List SQL Injection



Mighty Gorgon [ Tue 28 Nov, 2006 23:19 ]
Post subject: 058-015 - Admin Hacks List SQL Injection
Hi All,
the admin hacks list could have a potential issue:

http://milw0rm.com/exploits/2851

I didn't try the exploit, but after looking at the code, I would fix it in this way:

OPEN adm/admin_hacks_list.php

FIND
Code:
if (count($_POST))


BEFORE ADD
Code:
$hack_id = intval($hack_id);


You should apply this patch as soon as possible.
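
What the added line changes, shown as an added PHP example that is not part of the original post or of Icy Phoenix's code. The table name, column name and function names are hypothetical, and the sample inputs are constructed:

```php
<?php
// Added illustration, not Icy Phoenix code. The table name, column name and
// function names are hypothetical; the sample inputs are constructed.

// Pre-patch pattern: the request value goes into the SQL text unchanged.
function build_query_unpatched($hack_id)
{
    return 'SELECT * FROM example_hacks WHERE hack_id = ' . $hack_id;
}

// With the patch line: intval() keeps only a leading integer and returns 0
// for anything that does not start with one, so the concatenated value is
// always a plain integer.
function build_query_patched($hack_id)
{
    $hack_id = intval($hack_id);
    return 'SELECT * FROM example_hacks WHERE hack_id = ' . $hack_id;
}

// Stricter variant (an assumption, not part of the patch): refuse input that
// is not all digits instead of silently reducing it to a different id.
function parse_hack_id_strict($raw)
{
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;
    }
    return intval($raw);
}

// Print the three results side by side for each constructed input.
$samples = array('7', '7 OR 1=1', "7' --", 'abc', '');
foreach ($samples as $raw) {
    echo 'input:     ' . var_export($raw, true) . "\n";
    echo 'unpatched: ' . build_query_unpatched($raw) . "\n";
    echo 'patched:   ' . build_query_patched($raw) . "\n";
    echo 'strict id: ' . var_export(parse_hack_id_strict($raw), true) . "\n\n";
}
```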


Zuker [ Tue 28 Nov, 2006 23:59 ]
Post subject: Re: 058-015 - Admin Hacks List SQL Injection
Thanks MG, patched on my site


moreteavicar [ Wed 29 Nov, 2006 15:50 ]
Post subject: Re: 058-015 - Admin Hacks List SQL Injection
Thanks MG


Skorpion [ Wed 29 Nov, 2006 16:39 ]
Post subject: Re: 058-015 - Admin Hacks List SQL Injection
done


fab120 [ Wed 29 Nov, 2006 19:19 ]
Post subject: Re: 058-015 - Admin Hacks List SQL Injection
I have tested the bug but it doesn't work on XS.

However, thank you for the patch!


TheSteffen [ Fri 01 Dec, 2006 14:03 ]
Post subject: Re: 058-015 - Admin Hacks List SQL Injection
Thanks a lot



