MakeWebGames

New Forums Exploit Alert!


chaoswar4u

I've been made aware of, and had proven to me, a new hack that is in V2 forums. I'm really looking for help in fixing my forums for this issue.

Most are aware of the fix

Find

if($_GET['viewtopic'] and $_GET['act'] != 'quote') { $_GET['act']='viewtopic'; }

Replace

if(is_numeric($_GET['viewtopic']) and $_GET['act'] != 'quote') { $_GET['act']='viewtopic'; }

However, there are other issues. If anyone could help me to secure my forums 100% then please post fixes below or contact me at [email protected]

I'm aware of forum posts regarding that; with so many SQL injection protection codes I'm now left confused and really need to secure my site against yet another forums exploit.

Many thanks in advance, and please note to all: if you only have the fix above then there is still a big userpass MD5 hash vulnerability.


Re: New Forums Exploit Alert!

I can't help with securing the mccodes forum, but there are third-party forums that are far more secure than that forum is.

If you are going to go in and fix it, make sure all input is typecast. If the input is supposed to be a number, make sure it's typecast that way.

If the input is a string, then make sure it has a mysql_real_escape_string() applied to it, along with any other checks that may apply.

For instance, if the string should only be "some option" or "another option" then check to make sure it matches one of those options.

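The numeric and fixed-option checks described in the reply above, as an added example that is not part of the thread and is not MCCodes code. The helper names `forum_int()` and `forum_choice()` are hypothetical, the sample requests are constructed, and the allowed `act` values are only the two visible in the first post.

```php
<?php
// Added illustration; helper names are hypothetical, not MCCodes functions.

// Numeric rule: accept only a positive integer and return it as an int.
function forum_int($value): ?int
{
    if (!is_string($value)) {          // arrays (?viewtopic[]=1) or a missing key
        return null;
    }
    $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Fixed-option rule: the value must be exactly one of the known options.
function forum_choice($value, array $allowed): ?string
{
    return (is_string($value) && in_array($value, $allowed, true)) ? $value : null;
}

// Constructed sample requests standing in for $_GET.
$samples = [
    ['viewtopic' => '42',    'act' => 'quote'],
    ['viewtopic' => '42abc', 'act' => 'viewtopic'],  // trailing non-digits
    ['viewtopic' => '1e3',   'act' => 'viewtopic'],  // is_numeric() accepts this
    ['viewtopic' => ['42'],  'act' => 'viewtopic'],  // array instead of string
    ['viewtopic' => '7',     'act' => 'unknown'],    // not in the option list
];

foreach ($samples as $get) {
    $topic = forum_int($get['viewtopic'] ?? null);
    // Assumption: only the two act values shown in the thread are listed here.
    $act = forum_choice($get['act'] ?? null, ['viewtopic', 'quote']);
    if ($topic === null || $act === null) {
        echo "rejected: " . json_encode($get) . "\n";
        continue;
    }
    // $topic is an int here, so it can be placed in a numeric SQL context.
    // Free-text strings still need escaping at query time, as the reply says.
    echo "accepted: topic=$topic act=$act\n";
}
```

Only the first sample is accepted. `'1e3'` is rejected here even though `is_numeric()` returns true for it, which is why the check returns a real integer rather than passing the original string on.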
