chaoswar4u
Posted June 12, 2008

I've been made aware of, and had proven to me, a new hack that is in V2 forums. I'm really looking for help in fixing my forums for this issue. Most are aware of the fix:

Find

    if($_GET['viewtopic'] and $_GET['act'] != 'quote') { $_GET['act']='viewtopic'; }

Replace

    if(is_numeric($_GET['viewtopic']) and $_GET['act'] != 'quote') { $_GET['act']='viewtopic'; }

However, there are other issues. If anyone could help me to secure my forums 100%, then please post fixes below or contact me: [email protected]

I'm aware of forum posts regarding so many SQL injection protection codes that I'm now left confused, and I really need to secure my site against yet another forums exploit.

Many thanks in advance, and please note to all: if you only have the fix above, then there is still a big userpass MD5 hash vulnerability.

Floydian
Posted June 13, 2008

Re: New Forums Exploit Alert!

I can't help with securing the mccodes forum, but there are third-party forums that are far more secure than that forum is.

If you are going to go in and fix it, make sure all input is type cast. If the input is supposed to be a number, make sure it's type cast that way. If the input is a string, then make sure it has mysql_real_escape_string() applied to it, along with any other checks that may apply. For instance, if the string should only be "some option" or "another option", then check to make sure it matches one of those options.
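
The checks described in the thread, as an added PHP example that is not part of either post and is not MCCodes code: numeric input is reduced to a real integer, and option input is matched against an allowlist. The helper names and the list of actions are assumptions made for the example. It also prints what is_numeric() returns for each sample, since is_numeric() accepts values such as "1e3" and "1.5" that are not integer IDs.

```php
<?php
// Added example: helper names and the action list are hypothetical.
const ALLOWED_ACTS = ['viewtopic', 'quote', 'newtopic', 'reply'];

// Numeric input: accept only a positive integer and return it as an int.
function clean_id($value): ?int
{
    // FILTER_VALIDATE_INT rejects arrays, floats, exponents and overflow.
    $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Option input: accept only values on the allowlist (strict comparison).
function clean_act($value): ?string
{
    return is_string($value) && in_array($value, ALLOWED_ACTS, true) ? $value : null;
}

// Same routing rule as the forum fix, applied to validated values only.
function route(array $get): array
{
    $topic = clean_id($get['viewtopic'] ?? null);
    $act   = clean_act($get['act'] ?? null);
    if ($topic !== null && $act !== 'quote') {
        $act = 'viewtopic';
    }
    return ['act' => $act, 'viewtopic' => $topic];
}

// Constructed sample requests.
$samples = [
    ['viewtopic' => '12'],
    ['viewtopic' => '12', 'act' => 'quote'],
    ['viewtopic' => '1e3'],      // is_numeric() returns true here
    ['viewtopic' => '1.5'],      // and here
    ['viewtopic' => ['12']],     // array sent as viewtopic[]=12
    ['act' => 'not-an-action'],
];
foreach ($samples as $get) {
    printf("%-40s is_numeric=%-5s => %s\n", json_encode($get),
        var_export(is_numeric($get['viewtopic'] ?? null), true), json_encode(route($get)));
}
```

Free-text fields such as post bodies cannot be allowlisted; those still need escaping or a parameterized query at the point where they reach SQL.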