  #1  
Old 05-11-18, 05:53
BamBam0077
Support
Join Date: Jul 2013
Posts: 293
recover.php SQL injection
PHP Code:
mysql_query("UPDATE users SET secret=" . sqlesc($sec) . ", editsecret='', passhash=" . sqlesc($newpasshash) . " WHERE id=$id AND editsecret=" . sqlesc($arr["editsecret"]));

You need to add " . sqlesc($id) . " to stop SQL injection.
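To make the point of the post concrete, here is an added example (not TBDev's code) that builds the same UPDATE statement in its unescaped and escaped forms and shows why `$id` must not be dropped straight into the string. The `sqlesc()` here is a stand-in for TBDev's own function (assumed to quote and escape a value for MySQL); `recover_id_or_fail()` is a hypothetical stricter check added for illustration.

```php
<?php
// Stand-in for TBDev's sqlesc(): wrap in quotes and escape for MySQL.
// (Assumption: TBDev's real sqlesc() escapes with the MySQL client library.)
function sqlesc($value) {
    return "'" . addslashes($value) . "'";
}

// The form from the post: $id is interpolated raw, so whatever arrives in the
// recovery link's id becomes part of the WHERE clause itself.
function recover_query_unsafe($id, $sec, $newpasshash, $editsecret) {
    return "UPDATE users SET secret=" . sqlesc($sec)
        . ", editsecret='', passhash=" . sqlesc($newpasshash)
        . " WHERE id=$id AND editsecret=" . sqlesc($editsecret);
}

// The fix suggested in the post: escape and quote $id like the other values,
// so the request value is a string literal and no longer SQL.
function recover_query_safe($id, $sec, $newpasshash, $editsecret) {
    return "UPDATE users SET secret=" . sqlesc($sec)
        . ", editsecret='', passhash=" . sqlesc($newpasshash)
        . " WHERE id=" . sqlesc($id) . " AND editsecret=" . sqlesc($editsecret);
}

// Stricter option (hypothetical helper): a user id is a positive integer, so
// reject anything else before it gets near the query at all.
function recover_id_or_fail($raw) {
    if (!preg_match('/^[1-9][0-9]*$/', (string)$raw)) {
        return null; // caller should abort with an error page here
    }
    return (int)$raw;
}

// Constructed request value that is not a plain integer; compare the two
// queries: in the unsafe one the extra condition is parsed as SQL, in the
// safe one it is just the contents of a quoted string.
$bad_id = "7 OR 1=1";
echo recover_query_unsafe($bad_id, "s3cret", "newhash", "e1"), "\n";
echo recover_query_safe($bad_id, "s3cret", "newhash", "e1"), "\n";
var_dump(recover_id_or_fail($bad_id)); // rejected
var_dump(recover_id_or_fail("7"));     // accepted as an integer
```

Escaping `$id` closes the hole the post describes; validating it as an integer (or binding it with a prepared statement) removes the string-building problem entirely.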
  #2  
Old 05-11-18, 11:28
Napon
Senior Member
Join Date: Feb 2016
Posts: 364
PHP Code:
mysql_query("UPDATE users SET secret=" . sqlesc($sec) . ", editsecret='', passhash=" . sqlesc($newpasshash) . " WHERE id=$id AND editsecret=" . sqlesc($arr["editsecret"]));
  #3  
Old 05-11-18, 12:47
DND
Support
 
Join Date: Dec 2008
Posts: 1,062
This issue will only affect old code. Newer code is all patched.
  #4  
Old 05-11-18, 23:03
Napon
Senior Member
Join Date: Feb 2016
Posts: 364
DND, very true.
Same with TorrentTrader mysqli.
  #5  
Old 01-12-18, 07:22
BamBam0077
Support
Join Date: Jul 2013
Posts: 293
My 2 cents' worth: people still download TBDev over other sources without realising the security risk, and yeah, I send them to other sources just like you. Though I find it interesting that no one has explained any of the insecurity of this engine, except if you google tbdev09 exploits, which is bullshit, as I thought this forum was gonna teach it, as I have noticed I have been misguided.
  #6  
Old 01-12-18, 13:09
Napon
Senior Member
Join Date: Feb 2016
Posts: 364
Full of crap I see again.