Bravo List - SQL Injection adminCP

Bravo List (http://www.bvlist.com/index.php)

- Torrent Trader (http://www.bvlist.com/forumdisplay.php?f=29)

- - SQL Injection adminCP (http://www.bvlist.com/showthread.php?t=11824)

BamBam0077

4th November 2018 23:34

SQL Injection adminCP

Hey I don't know if any of you guys checked your admincp fully you will see vars inside an query not covered with sqlesc() you might do so by going to your /var/www/html/ grab admincp.php now search for your sql_query and update the vars to be protect with sqlesc() also I know it is not like tbdev so sql query is different and you will need to check tbdev to get sqlesc() it was a quick scan if you know more then please share with me here :gum:
https://images2.imgbox.com/46/73/yck5nAjc_o.png

Napon

4th November 2018 23:52

just remove this part in admin cp as its never been fin off so your post no good mate theres no working update to this at all

BamBam0077

1st December 2018 07:17

PDO works with it and as for it not being complete is based on your knowledge or what work you have done for torrent trader it is simple don't be an arse about it. :gum:

Napon

1st December 2018 13:08

shoot the fuck up you fucking diuck know all know fuck all:muscle:
side note dickweed i do not user torrant trader

All times are GMT +2. The time now is 19:44.