New Forums Exploit Alert!

[chaoswar4u]

Ive been made aware and proven to me of an new hack that is in V2 forums. Im really looking for help in fixing my forums for this issue.

Most are aware of the fix

Find

if($_GET['viewtopic'] and $_GET['act'] != 'quote') { $_GET['act']='viewtopic'; }

Replace

if(is_numeric($_GET['viewtopic']) and $_GET['act'] != 'quote') { $_GET['act']='viewtopic'; }

However there are other issues. If anyone could help me to secure my forums 100% then please post below fixes or contact me [email protected]

Im aware of forums posts regarding that many SQL injection protection codes im now left confused and really need to secure my site on yet again another forums exploit.

Many thx inadvance and please note to all if you only have the fix above then there is still a big userpass MD5 hash vunrability.

[Floydian]

Re: New Forums Exploit Alert!

I can't help with securing the mccodes forum, but there are third party forums that are far more secure than that forum is.

If you are going to go in and fix it, make sure all in put is type casted. If the input is supposed to be a number, make sure it's type casted that way.

If the input is a string, then make sure it has a mysql_real_escape_string() applied to it, along with any other checks that may apply.

For instance, if the string should only be "some option" or "another option" then check to make sure it matches one of those options.