New link in the top of page "IRC Chat".
|Register | Login|
| Active users
| Last Posts
| IRC Chat
| Online users
Ranks | FAQ | XPW | Stats | Color Chart | Photo album
|0 users currently in Help & Suggestions.|
|There is ALWAYS a way to get into a board.
Half of these places have glaring cookie errors (which i will not explain) that a normal member can use to make himself a root admin.
Back up often..take every precaution you know of..and keep your fingers crossed. That's all you can really do.
|I told this many times: There nothing wrong by pointing a fix. I mean, experienced hacker will find a way, anyway.
And guess what, Xeo knows about SQL injections because of an article I gave him a link to, on php.net
|Nope. Love this board too much to deal in pettiness. Don't mind me...bad week. Come to think of it, all my weeks are generally bad.|
Originally posted by Zabuza
By simply pointing out an issue with SQL injection?
Obviously you haven't even taken a look at the AcmlmBoard code, or maybe even anything-PHP for that matter.
If by me simply pointing out that some variables need to be put into intval before the SQL update reveals an exploit, by all means, show me.
|And by essentially posting how to keep hackers away, you've enabled them to find a way to get around things. Bravo!|
|This is a small fix that I know of:
In editprofile at the bottom after $loguserid = intval($loguserid);, add
$pemail = intval($pemail);
$signsep = intval($signsep);
$sscheme = intval($sscheme);
$posttool = intval($posttool);
For the most part that will prevent people from being able to admin themself through editprofile, but I'm sure there's still bugs on it. Luckily the AcmlmBoard team seems to be patching a lot of things up, hopefully we'll get a new release soon.
|My forum uses the same the thing that powers this board i was just wondering if theres a way to prevent a hacker from hacking in a ruining my board|