I'm looking for guys who can help me search for security holes in PRE7 v2.2.
Anyone who knows how to look for XSS holes and SQL, subscribe HERE to help make YSE PRE7 better!
Objective:
Search for security holes
Search for functionality errors.
Preview of XSS hole: stats.php
Code:
$uporder = $_GET['uporder'];
$catorder = $_GET["catorder"];
Should be changed to
Code:
$uporder = intval($_GET['uporder']);
$catorder = intval($_GET["catorder"]);
P.S.
I created a new theme for this version too ;)
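An added example, not part of the original post and not PRE7 code: intval() as used in the fix still accepts partial input (it turns '2<b>x</b>' into 2 and a non-empty array into 1), so a stricter variant validates the whole value and falls back to a default. The helper name int_param, the range 0..3, the default 0 and PHP 7 or later are assumptions.

```php
<?php
// Added example, not PRE7 code. The allowed range 0..3 and the default 0 are
// assumptions; the page does not say which values stats.php expects.

/**
 * Return $params[$name] as an int within [$min, $max], or $default when the
 * value is missing, is an array, is not a plain integer string, or is out
 * of range.
 */
function int_param(array $params, string $name, int $default, int $min, int $max): int
{
    if (!isset($params[$name])) {
        return $default; // absent parameter: avoids an undefined-index notice
    }
    // FILTER_VALIDATE_INT rejects trailing garbage and arrays by returning false.
    $value = filter_var($params[$name], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $value === false ? $default : $value;
}

// Constructed sample inputs, shaped the way PHP fills $_GET.
$samples = [
    ['uporder' => '2', 'catorder' => '1'],          // well-formed request
    ['uporder' => '2<b>x</b>', 'catorder' => '-7'], // markup suffix, out of range
    ['uporder' => ['x']],                           // array value, catorder missing
];

foreach ($samples as $get) {
    $uporder  = int_param($get, 'uporder', 0, 0, 3);
    $catorder = int_param($get, 'catorder', 0, 0, 3);
    printf("uporder=%d catorder=%d\n", $uporder, $catorder);
}

// In stats.php the call would read:
// $uporder = int_param($_GET, 'uporder', 0, 0, 3);
```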