Ravens PHP Scripts: Forums
 

 

Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
sixonetonoffun
Spouse Contemplates Divorce



Joined: Jan 02, 2003
Posts: 2496

Posted: Wed May 05, 2004 8:27 pm

OK, I only tried on the most recent files; I didn't apply the extra code changes.
chatserv
Member Emeritus



Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico

Posted: Wed May 05, 2004 8:45 pm

Code:
$result=sql_query("SELECT lid, url, title, description, date, hits, downloadratingsummary, totalvotes, totalcomments, filesize, version, homepage FROM ".$prefix."_downloads_downloads WHERE sid=$sid order by $orderby limit $min,$perpage", $dbi);

Change to:
Code:
$result=sql_query("SELECT lid, url, title, description, date, hits, downloadratingsummary, totalvotes, totalcomments, filesize, version, homepage FROM ".$prefix."_downloads_downloads WHERE sid='$sid' order by $orderby limit $min,$perpage", $dbi);
 
sixonetonoffun

Posted: Wed May 05, 2004 9:28 pm

Yeah, that does it wonders.
 
sixonetonoffun

Posted: Thu May 06, 2004 5:12 am

In 7.2 it's a little different too.

Code:
$result=$db->sql_query("SELECT lid, url, title, description, date, hits, downloadratingsummary, totalvotes, totalcomments, filesize, version, homepage FROM ".$prefix."_downloads_downloads WHERE sid=$sid order by $orderby limit $min,$perpage");
 
manunkind
Client



Joined: Apr 26, 2004
Posts: 368
Location: Albuquerque, NM

Posted: Thu May 06, 2004 6:29 am

Anybody know if NS Download is safe from these exploits?
chatserv

Posted: Thu May 06, 2004 7:31 am

For that particular line, just search for WHERE sid=$sid and replace with WHERE sid='$sid' (add quotes to the $sid variable).
 
sixonetonoffun

Posted: Thu May 06, 2004 2:27 pm

Yeah, I'd check out any modules that were based on the original closely; there is a good chance this was missed in some along the way.
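
The search described in the thread, run over every module at once, as an added example that is not part of the original posts: a small Python scanner that flags SQL strings comparing a column to an unquoted PHP variable. The function names, the extra concatenation case (`sid=".$sid."`) and the sample lines (the thread's queries with the column list shortened) are assumptions of this example.

```python
import re
import sys
from pathlib import Path

# A WHERE/AND/OR comparison whose right-hand side is a bare PHP variable,
# interpolated (sid=$sid) or concatenated (sid=".$sid."). A quoted value
# (sid='$sid') has a quote after the operator and therefore does not match.
UNQUOTED = re.compile(
    r'\b(?:WHERE|AND|OR)\s+([A-Za-z_][\w.]*)\s*(?:<>|!=|<=|>=|=|<|>)\s*'
    r'(?:"\s*\.\s*)?(\$[A-Za-z_]\w*)',
    re.IGNORECASE,
)

# Constructed sample: the three queries from the thread, column list shortened.
SAMPLE = '''\
$result=sql_query("SELECT lid, url, title FROM ".$prefix."_downloads_downloads WHERE sid=$sid order by $orderby limit $min,$perpage", $dbi);
$result=sql_query("SELECT lid, url, title FROM ".$prefix."_downloads_downloads WHERE sid='$sid' order by $orderby limit $min,$perpage", $dbi);
$result=$db->sql_query("SELECT lid, url, title FROM ".$prefix."_downloads_downloads WHERE sid=$sid order by $orderby limit $min,$perpage");
'''


def scan_source(text, name="<input>"):
    """Return (file, line number, column, variable) for each unquoted comparison."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in UNQUOTED.finditer(line):
            findings.append((name, lineno, match.group(1), match.group(2)))
    return findings


def scan_tree(root):
    """Scan every .php file under root (for example a modules/ directory)."""
    findings = []
    for path in sorted(Path(root).rglob("*.php")):
        findings.extend(scan_source(path.read_text(errors="replace"), str(path)))
    return findings


if __name__ == "__main__":
    # With a directory argument, audit that tree; otherwise run on the sample.
    hits = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_source(SAMPLE, "sample.php")
    for name, lineno, column, variable in hits:
        print(f"{name}:{lineno}: {column} compared to unquoted {variable}")
```

Each hit is a line to review by hand; the scan covers only the comparison pattern fixed in this thread.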
 
All times are GMT - 6 Hours
 