At 2004-03-25T22:14:48Z, andre@nullroute.co.uk writes:

> <html>
> <body>
> <?php
> $db = mysql_connect("localhost", "root");
> mysql_select_db("dtrackLog",$db);
> if ($submit) {
> if ($ExID) {
> $sql = "UPDATE TL_Exploit SET
> LogID='$LogID',OfficialName='$OfficialName',BugTraqID='$BugTraqID',PublishedDate='$PublishedDate',Type='$Type',Range='$Range',Damage='$Damage',OnlineReferences='$OnlineReferences',
> SoftwareAffected='$SoftwareAffected',NotVulnerable='$NotVulnerable',Symptoms='$Symptoms',HowTo='$HowTo',ObjectAffected='$ObjectAffected',Discussion='$Discussion',Credits='$Credits',WHERE
> ExID=$ExID";

You're relying on a major security flaw in PHP (injecting GET/POST data into the global namespace) for functionality. Also, your database queries are incredibly dangerous; google for "SQL injection" for more information.

Basically, I could 0wn your website in about 5 minutes, and so could anyone else so motivated. I suggest you take this offline immediately until it can be fixed.

-- 
Kirk Strauser
In Googlis non est, ergo non est.
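
The two problems named in the reply, addressed in one sketch. This is an added example, not code from either poster: the request array is passed in explicitly instead of relying on globals, and the UPDATE uses PDO bound parameters. The helper name `updateExploit`, the `EXPLOIT_COLUMNS` constant, the in-memory SQLite database and the sample request are assumptions made for the demonstration.

```php
<?php
// Added example. Column names are taken from the quoted UPDATE statement.
const EXPLOIT_COLUMNS = ['LogID', 'OfficialName', 'BugTraqID', 'PublishedDate',
    'Type', 'Range', 'Damage', 'OnlineReferences', 'SoftwareAffected',
    'NotVulnerable', 'Symptoms', 'HowTo', 'ObjectAffected', 'Discussion', 'Credits'];

// Hypothetical helper: $post is the request array (e.g. $_POST), passed explicitly.
function updateExploit(PDO $db, array $post): int
{
    // ExID must be a positive integer before it goes anywhere near the query.
    $exId = filter_var($post['ExID'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($exId === false) {
        throw new InvalidArgumentException('ExID must be a positive integer');
    }
    // Identifiers come only from the fixed list; values travel as bound parameters.
    $sets = [];
    $params = [':ExID' => $exId];
    foreach (EXPLOIT_COLUMNS as $col) {
        $value = $post[$col] ?? '';
        $sets[] = "`$col` = :$col";
        $params[":$col"] = is_scalar($value) ? (string) $value : '';
    }
    $stmt = $db->prepare(
        'UPDATE TL_Exploit SET ' . implode(', ', $sets) . ' WHERE ExID = :ExID'
    );
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed demo on in-memory SQLite (assumption: pdo_sqlite is available).
// The original page uses MySQL; only the DSN and credentials would differ.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$cols = implode(', ', array_map(fn($c) => "`$c` TEXT", EXPLOIT_COLUMNS));
$db->exec("CREATE TABLE TL_Exploit (ExID INTEGER PRIMARY KEY, $cols)");
$db->exec('INSERT INTO TL_Exploit (ExID) VALUES (1), (2)');

// Constructed request: a field containing a quote and SQL text is stored as data.
$post = ['ExID' => '1', 'OfficialName' => "it's', Credits='x' WHERE 1=1 --"];
echo updateExploit($db, $post), " row(s) updated\n";
echo $db->query('SELECT OfficialName FROM TL_Exploit WHERE ExID = 1')->fetchColumn(), "\n";
var_dump($db->query('SELECT OfficialName FROM TL_Exploit WHERE ExID = 2')->fetchColumn());
```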