|
|
BamBam0077 |
18th April 2019 13:34 |
SQL INJECTION
Code:
$subject="Failed login";
$msg = "Security alert\n Account: ID=".$row['id']." Somebody (probably you, ".$username." !) tried to login but failed!". "\nTheir Ip Address was : ". $ip . "\n If this wasn't you please report this event to a {$TBDEV['site_name']} staff member\n - Thank you.\n";
$sql = "INSERT INTO messages (sender, receiver, msg, subject, added) VALUES('System', '$to', ". sqlesc($msg).", ". sqlesc($subject).", $added);";
$res = sql_query($sql) or sqlerr(__FILE__, __LINE__);
stderr("Login failed !", "Error: Username or password entry incorrect Have you forgotten your password? Recover your password !");
bark();
Code:
if ($fail[0] == 0)
sql_query("INSERT INTO failedlogins (ip, added, attempts) VALUES ($ip, $added, 1)") or sqlerr(__FILE__, __LINE__);
else
sql_query("UPDATE failedlogins SET attempts = attempts + 1 where ip=$ip") or sqlerr(__FILE__, __LINE__);
Code:
// check if email addy is already in use
$a = (@mysql_fetch_row(@sql_query("select count(*) from users where email='$email'"))) or die(mysql_error());
if ($a[0] != 0)
stderr($lang['takesignup_user_error'], $lang['takesignup_email_used']);
Code:
$res = @mysql_query("SELECT passhash, editsecret, status FROM users WHERE id = $id");
$row = @mysql_fetch_assoc($res);
if (!$row)
stderr("{$lang['confirm_user_error']}", "{$lang['confirm_invalid_id']}");
if ($row['status'] != 'pending')
{
header("Refresh: 0; url={$TBDEV['baseurl']}/ok.php?type=confirmed");
exit();
}
Code:
@mysql_query("UPDATE users SET status='confirmed', editsecret='' WHERE id=$id AND status='pending'");
Code:
$pmcount = mysql_fetch_row(mysql_query("SELECT COUNT(*) FROM messages WHERE receiver=".$CURUSER['id']." AND location >= '1' || sender=".$CURUSER['id']." AND saved = 'yes' ")) or sqlerr(__FILE__,__LINE__);
Code:
if ($pm_id)
{
// Move a single message
@sql_query("UPDATE messages SET location=" . sqlesc($pm_box) . " WHERE id=" . sqlesc($pm_id) . " AND receiver=" . $CURUSER['id'] . " LIMIT 1");
}
|
All times are GMT +2. The time now is 19:59. |
|
Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.