#1
YSE v2.0 PRE6
yep just went on the YSE site and found there is
YSE v2.0 (18.05.07) Pre 6 RC 0 (update 13.07.09) Translated with GOOGLE: Quote:
cheers
Last edited by Ashur; 31st October 2009 at 00:38. Reason: Update!
#2
There are still many security holes in this updated version...
#3
Is this version in Russian or English?
EDIT: In Russian, no thanks :D
#4
I think that you have a little bit of a prejudiced view ;)
HAVE you REALLY checked? :) If so - post the bugs, and they will be fixed to TS: TBDev v2.0 (18.05.07) Pre 6 RC 0 (update 13.07.09) :P
#5
lol
AlaminT
OK, you say that this version is very safe!? No you know the truth there are still holes - why don't you just fix them if you are so smart?
Holes and security vulnerabilities:
news.php
details.php
modtask.php
userdetails.php
and so I can continue... also other files have holes or security vulnerabilities...
I post only a few file names where the problems are, but however I say that there are still security problems...
Last edited by kp380lv; 27th July 2009 at 18:17. Reason: update
#6
oh, details? really?
news - you mean xss in title or returnto? :) modtask userdetails I think what you are posting are not holes, post, please, go on post...
#7
AlaminT
news.php
Code:
$body = $_POST["body"];
Code:
$body = htmlspecialchars($_POST["body"],ENT_QUOTES);
#8
useless:
block-news.php:
Code:
format_comment($array['body'])
PHP Code:
#9
Are you sure?
details.php PHP Code:
PHP Code:
Or better change this to: PHP Code:
#10
kp380lv, I thought you would have picked up on this after we told you on Tbdev about the exact same stuff - the body you post about is under format_comment like said, so learn to look deeper at code.
You say 0 + should be (int)? - Again I don't agree there as they both do pretty much the same job :) Again you're pushing an issue that's going to bite you in the arse - go back to a test code and start learning - Funny thing is all these so-called exploits .. I'd like to see the people that claim there's an exploit actually craft one and do damage - 90% of it is all talk.
Last edited by Bigjoos; 30th July 2009 at 12:46.
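The two points argued in posts #7 to #10 (escaping the news body on input versus relying on an output formatter, and `0 +` versus `(int)`), shown as an added example that is not part of any post and is not YSE/TBDev code. `render_comment()` is a hypothetical stand-in for an output formatter that HTML-escapes before applying markup (an assumption; the thread does not show the body of `format_comment()`), and all input values are constructed.

```php
<?php
// Hypothetical stand-in for an output formatter: escape first, then apply a
// tiny BBCode subset. Assumed behaviour, not the project's format_comment().
function render_comment(string $text): string
{
    $safe = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    return preg_replace('#\[b\](.*?)\[/b\]#s', '<b>$1</b>', $safe) ?? $safe;
}

// True when the rendered HTML still contains a live <script> tag.
function has_live_script(string $html): bool
{
    return stripos($html, '<script') !== false;
}

// Constructed request value standing in for $_POST["body"].
$posted = 'Tom & Jerry <script>alert(1)</script> [b]news[/b]';

// Variant A: store the raw body, escape once when rendering.
$stored_raw = $posted;
// Variant B: escape on input as proposed in post #7, then render as usual.
$stored_escaped = htmlspecialchars($posted, ENT_QUOTES, 'UTF-8');

$out_a = render_comment($stored_raw);      // escaped exactly once
$out_b = render_comment($stored_escaped);  // escaped twice (double-encoded)

echo "A: $out_a\n";
echo "B: $out_b\n";

// With an escaping formatter neither variant emits a live tag; variant B
// only makes readers see literal entity text instead of "&" and "<".
var_dump(has_live_script($out_a), has_live_script($out_b));

// The raw stored body is only a problem on a code path that prints it
// without going through the formatter, so that is what to audit for.
var_dump(has_live_script($stored_raw));

// "0 +" versus "(int)" on constructed numeric request values: "0 +" keeps
// the value numeric but can yield a float, "(int)" always yields an integer.
foreach (['42', '1.9', '1e3'] as $id) {
    var_dump(0 + $id, (int) $id);
}
```

The check to carry over to a real code base is whether every place that prints the stored body goes through the escaping formatter; the input-side `htmlspecialchars()` call only matters where one does not.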