  #1  
Old 05-11-18, 05:53
BamBam0077
Support
 
Join Date: Jul 2013
P2P
Posts: 279
recover.php SQL injection
PHP Code:
mysql_query("UPDATE users SET secret=" . sqlesc($sec) . ", editsecret='', passhash=" . sqlesc($newpasshash) . " WHERE id=$id AND editsecret=" . sqlesc($arr["editsecret"]));

You need to add ".sqlesc($id)." to stop SQL injection.
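A parameterised form of the UPDATE from the post above, as an added example (not code from this thread or from TBDev): it validates `$id` as an integer and binds every value instead of building the string. The function name `reset_secret`, the constructed sample row and the use of in-memory SQLite through PDO in place of the tracker's MySQL database are assumptions made so the block runs stand-alone.

```php
<?php
// Added example, not TBDev code. SQLite in memory stands in for the tracker's
// MySQL database; reset_secret() and the sample row are constructed.

function reset_secret(PDO $db, $id, string $editsecret, string $sec, string $newpasshash): bool
{
    // Reject anything that is not a plain positive integer before it reaches SQL.
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);

    // An empty editsecret means no reset is pending, so it must never match a row.
    if ($id === false || $editsecret === '') {
        return false;
    }

    // Every value is bound as a parameter, so none of them can alter the statement.
    $stmt = $db->prepare(
        "UPDATE users SET secret = :sec, editsecret = '', passhash = :hash
         WHERE id = :id AND editsecret = :editsecret"
    );
    $stmt->bindValue(':sec', $sec, PDO::PARAM_STR);
    $stmt->bindValue(':hash', $newpasshash, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':editsecret', $editsecret, PDO::PARAM_STR);
    $stmt->execute();

    // True only when exactly one row matched both id and editsecret.
    return $stmt->rowCount() === 1;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, secret TEXT, editsecret TEXT, passhash TEXT)");
$db->exec("INSERT INTO users VALUES (7, 'old-secret', 'token-abc', 'old-hash')"); // constructed row

var_dump(reset_secret($db, '7x', 'token-abc', 's1', 'h1'));  // non-integer id
var_dump(reset_secret($db, '7', 'wrong-token', 's1', 'h1')); // id matches, editsecret does not
var_dump(reset_secret($db, '7', 'token-abc', 's1', 'h1'));   // id and editsecret both match
var_dump(reset_secret($db, '7', 'token-abc', 's2', 'h2'));   // same token reused after the reset
```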
  #2  
Old 05-11-18, 11:28
Napon
Senior Member
 
Join Date: Feb 2016
P2P
Posts: 274
PHP Code:
mysql_query("UPDATE users SET secret=" . sqlesc($sec) . ", editsecret='', passhash=" . sqlesc($newpasshash) . " WHERE id=$id AND editsecret=" . sqlesc($arr["editsecret"]));
  #3  
Old 05-11-18, 12:47
DND
Support
 
Join Date: Dec 2008
Posts: 1,035
This issue will only be in old codes. Newer codes are all patched.
  #4  
Old 05-11-18, 23:03
Napon
Senior Member
 
Join Date: Feb 2016
P2P
Posts: 274
DND, very true.
Same with TorrentTrader mysqli.