YSE v2.0 PRE6
Yep, just went on the YSE site and found there is
YSE v2.0 (18.05.07) Pre 6 RC 0 (update 13.07.09). Translated with GOOGLE: Quote:
cheers |
There are still many security holes in this updated version...
|
Is this version in Russian or English? :sos:
EDIT: In Russian, no thanks :D |
Quote:
HAVE you REALLY checked? :) If so, post the bugs and they will be fixed. To TS: TBDev v2.0 (18.05.07) Pre 6 RC 0 (update 13.07.09) :P |
lol
AlaminT
Ok, you say that this version is very safe!? No, you know the truth: there are still holes. Why don't you just fix them if you are so smart? Holes and security vulnerabilities: news.php, details.php, modtask.php, userdetails.php, and so on, I could continue... Other files also have holes or security vulnerabilities... I post only a few file names where the problems are, but anyway I say that there are still security problems... |
Oh, details? Really?
news - you mean XSS in title or returnto? :) modtask, userdetails: I think what you are posting is not holes. Post, please, go on, post... |
AlaminT
news.php Code:
$body = $_POST["body"];
Code:
$body = htmlspecialchars($_POST["body"], ENT_QUOTES); |
Useless:
block-news.php: Code:
format_comment($array['body'])
PHP Code:
|
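The news.php exchange above (raw `$_POST["body"]` versus `htmlspecialchars(..., ENT_QUOTES)`, and the reply that block-news.php passes the value through `format_comment`) can be made concrete with the following added example. It is not code from YSE/TBDev or from either poster; the attacker input is constructed, and `format_comment()` is not reproduced because its behaviour is not shown on the page. The script shows what each rendering context does with the raw and the escaped value, what `ENT_QUOTES` adds over the default `ENT_COMPAT`, and why escaping at input and again at output double-encodes.

```php
<?php
// Added example, not from YSE/TBDev. Demonstrates why an unescaped
// $body = $_POST["body"] is only a hole if the value reaches HTML without
// escaping, and what ENT_QUOTES adds. format_comment() from block-news.php
// is not reproduced; its behaviour is assumed unknown here.

// Constructed attacker input, as it would arrive in $_POST["body"].
$body = "<script>alert(1)</script> ' onmouseover='alert(2)";

// news.php as posted: the value is stored raw.
$storedRaw = $body;
// news.php with the proposed fix: escaped once, at input time.
$storedEscaped = htmlspecialchars($body, ENT_QUOTES);

// Two output contexts: an element body and a single-quoted attribute.
function renderBody(string $text): string {
    return "<div class=\"news\">" . $text . "</div>\n";
}
function renderAttr(string $text): string {
    return "<input type='text' value='" . $text . "'>\n";
}

// 1. Raw value rendered straight into HTML: stored XSS, both payloads live.
echo "raw body:        " . renderBody($storedRaw);

// 2. Escaped value: <script> becomes &lt;script&gt; and ' becomes &#039;.
echo "escaped body:    " . renderBody($storedEscaped);
echo "escaped attr:    " . renderAttr($storedEscaped);

// 3. ENT_COMPAT (the pre-8.1 default) leaves the single quote alone, so the
//    value still breaks out of a single-quoted attribute and injects an
//    onmouseover handler. ENT_QUOTES is what closes this case.
echo "ENT_COMPAT attr: " . renderAttr(htmlspecialchars($body, ENT_COMPAT));

// 4. Escaping on input and again on output yields &amp;lt;script&amp;gt;,
//    which the reader sees literally as "&lt;script&gt;". This is the usual
//    argument for escaping once, at the output point, rather than on storage.
echo "double escaped:  " . renderBody(htmlspecialchars($storedEscaped, ENT_QUOTES));
```

Run it with `php example.php` and compare lines 1 and 3 with line 2: the raw render and the `ENT_COMPAT` attribute render both carry live payloads, while the `ENT_QUOTES` render is inert in both contexts. Whether news.php is exploitable therefore depends on what `format_comment()` does with quotes and angle brackets before output, which is exactly the point the two posters disagree on.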
Are you sure?
details.php PHP Code:
PHP Code:
Or better change this to: PHP Code:
|
kp380lv, I thought you would have picked up on this after we told you on TBDev about the exact same stuff. The body you post about is under format_comment, as said, so learn to look deeper at the code.
You say 0 + should be (int)? Again, I don't agree there, as they both do pretty much the same job :) Again you're pushing an issue that's going to bite you in the arse. Go back to test code and start learning. Funny thing is, all these so-called exploits... I'd like to see the people that claim there's an exploit actually craft one and do damage; 90% of it is all talk. |
Don't Mind Him!
Don't mind kp380lv; he will release his Nehalem and everyone will complain about bugs in that, lol..
Hey AlaminT, are you still working on pre7, or is it dead code to you? Would love to see if I can help at any stage. Regards, BoLaMN |
lol
BoLaMN
You don't know ANYTHING about Nehalem... so keep your mouth... *****. Bigjoos, no offence, but you ask questions like a kid.. In my opinion safer is better and that's all.. In simpaty.php there is XSS.. PHP Code:
PHP Code:
PHP Code:
PHP Code:
UPDATE: message.php PHP Code:
PHP Code:
PHP Code:
PHP Code:
|
Agree - 0 + ... vs (int) = nothing, because those path exposures are shitty, just talk, NOTHING serious.
USERS.PHP: print("Search: htmlspecialchars($search)."\">\n"); YOU ARE BLIND. simpaty.php, message.php: yes, agree |
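The `0 +` versus `(int)` dispute above (Bigjoos: "they both do pretty much the same job"; the counter-argument that the difference is path exposure) is easy to check directly. The following is an added example, not code from YSE/TBDev or from any poster; the inputs are constructed and the `$_GET["id"]`-style id is assumed. It captures the warning PHP raises for arithmetic on a non-numeric string, including the script path that `display_errors` would show to the visitor, and catches the `TypeError` that PHP 8 throws for a wholly non-numeric operand, while `(int)` stays silent in every case.

```php
<?php
// Added example, not from YSE/TBDev. Compares the two ways of forcing an
// untrusted id (assumed to come from something like $_GET["id"]) to an
// integer that the thread argues about. Inputs below are constructed.

function castInt(string $raw): int {
    return (int)$raw;      // silent: "abc" -> 0, "12abc" -> 12, never warns
}

function addZero(string $raw) {
    return 0 + $raw;       // arithmetic coercion: may warn, or throw on PHP 8
}

// Capture warnings instead of letting display_errors print them. The
// captured text includes the file and line, which is the "path exposure"
// a visitor sees when display_errors is on and a bad id is supplied.
$lastWarning = null;
set_error_handler(function (int $no, string $msg, string $file, int $line) use (&$lastWarning): bool {
    $lastWarning = "$msg in $file:$line";
    return true;           // handled; do not fall through to PHP's own output
});

foreach (["42", "12abc", "abc", "1e3"] as $raw) {
    $lastWarning = null;
    $cast = castInt($raw);
    try {
        $added = var_export(addZero($raw), true);
    } catch (TypeError $e) {
        // PHP 8: a non-numeric string in arithmetic is a TypeError; PHP 7
        // returned 0 with a warning instead.
        $added = "TypeError";
    }
    printf("%-8s (int)=%-5d 0+ = %-10s warning: %s\n",
        var_export($raw, true), $cast, $added, $lastWarning ?? "none");
}

restore_error_handler();
```

Run with `php example.php`. "42" and "1e3" behave the same under both forms ("1e3" becomes 1000 either way on PHP 7.1 and later). "12abc" gives 12 both ways but `0 +` raises a warning carrying the script path, and "abc" gives 0 from `(int)` but a warning (PHP 7) or a `TypeError` (PHP 8) from `0 +`. So the two forms are equivalent for well-formed ids and differ exactly in the error path, which is the path-disclosure point rather than a code-execution one.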
AlaminT
Lol, then print vs echo also "has no difference" :D |
Practically no difference, except print is a function and returns TRUE, and echo with params like works faster than
|
AlaminT - so please include these updates in the next version..
|
If I don't forget...
|
Also don't forget this fix in testport.php in the next YSE version - there is an XSS
PHP Code:
PHP Code:
|
That's great, kp380lv.
I think we can stay away from disputes and take it as a discussion to find the holes and bugs and fix them. |