#1  5th November 2018, 05:53  BamBam0077
recover.php SQL injection
PHP Code:
// $id is interpolated straight into the SQL text; every other value goes through sqlesc()
mysql_query("UPDATE users SET secret=" . sqlesc($sec) . ", editsecret='', passhash=" . sqlesc($newpasshash) . " WHERE id=$id AND editsecret=" . sqlesc($arr["editsecret"]));

You need to add ". sqlesc($id) ." to stop SQL injection.
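The query from the post above, built as a string so the effect of the unescaped $id can be seen, beside two hardened versions. This is an added example and is not code from TBDev or from the poster: sqlesc() here is a stand-in that only quotes and backslash-escapes so the demo runs without a database, the column and variable names follow the post, and the secret, hash and id values are constructed.

```php
<?php
// Added illustration (not TBDev's own code) of the recover.php UPDATE with
// $id interpolated unescaped, beside a hardened version.

function sqlesc(string $x): string {
    // Stand-in for TBDev's helper so the demo runs without a DB. Real code must
    // escape with mysqli::real_escape_string on a live connection, or better,
    // not build SQL from strings at all (see recover_update_prepared below).
    return "'" . str_replace(["\\", "'"], ["\\\\", "\\'"], $x) . "'";
}

// Vulnerable: $id is placed into the SQL text untouched, so whatever the
// request carries becomes SQL, even though every other value is escaped.
function recover_query_vulnerable(string $id, string $sec, string $newpasshash, string $editsecret): string {
    return "UPDATE users SET secret=" . sqlesc($sec) . ", editsecret='', passhash="
        . sqlesc($newpasshash) . " WHERE id=$id AND editsecret=" . sqlesc($editsecret);
}

// Hardened, option 1: refuse anything that is not a positive integer before it
// gets near the query. Quoting $id with sqlesc(), as the post suggests, also
// blocks the injection; an integer check is stricter and matches the column type.
function recover_query_hardened(string $id, string $sec, string $newpasshash, string $editsecret): string {
    if (!ctype_digit($id) || $id === '0' || strlen($id) > 10) {
        throw new InvalidArgumentException("invalid user id");
    }
    $id = (int) $id;
    return "UPDATE users SET secret=" . sqlesc($sec) . ", editsecret='', passhash="
        . sqlesc($newpasshash) . " WHERE id=$id AND editsecret=" . sqlesc($editsecret);
}

// Hardened, option 2: a prepared statement, so no value is ever part of the SQL
// text. Needs a live mysqli connection, so the demo below does not call it.
function recover_update_prepared(mysqli $db, int $id, string $sec, string $newpasshash, string $editsecret): int {
    $stmt = $db->prepare("UPDATE users SET secret=?, editsecret='', passhash=? WHERE id=? AND editsecret=?");
    $stmt->bind_param("ssis", $sec, $newpasshash, $id, $editsecret);
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

// Constructed inputs: one normal request and one with a crafted id.
$sec        = str_repeat("a", 20);    // placeholder secret
$hash       = md5("newpassword");     // placeholder md5 passhash
$editsecret = str_repeat("b", 20);
$normal_id  = "42";
$evil_id    = "42 OR 1=1 -- ";        // MySQL needs the space after "--"

echo recover_query_vulnerable($normal_id, $sec, $hash, $editsecret), "\n";
echo recover_query_vulnerable($evil_id, $sec, $hash, $editsecret), "\n";
// The second query's WHERE reads "id=42 OR 1=1 -- AND editsecret=..." : the
// editsecret check is commented out and the UPDATE rewrites every user's passhash.

try {
    recover_query_hardened($evil_id, $sec, $hash, $editsecret);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

Run it with php from the command line; the two echoed queries show the WHERE clause before and after the crafted id, and the hardened builder rejects the same input. The prepared-statement variant is the form to use in live code, since it removes the string-building problem entirely rather than patching one variable.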
#2  5th November 2018, 11:28  Napon
PHP Code:
mysql_query("UPDATE users SET secret=" . sqlesc($sec) . ", editsecret='', passhash=" . sqlesc($newpasshash) . " WHERE id=$id AND editsecret=" . sqlesc($arr["editsecret"]));
#3  5th November 2018, 12:47  DND
This issue only affects old code. Newer code is all patched.
#4  5th November 2018, 23:03  Napon
DND, very true.
Same with TorrentTrader's mysqli.
#5  1st December 2018, 07:22  BamBam0077
My 2 cents' worth: people still download TBDev over other sources without realising the security risk, and yeah, I send them to other sources just like you, though I find it interesting that no one has explained any of the insecurity of this engine, except if you google "tbdev09 exploits", which is bullshit, as I thought this forum was gonna teach it; I have noticed I have been misguided.
#6  1st December 2018, 13:09  Napon
Full of crap, I see, again.

Tags: injection, recoverphp, sql