
Re: Issues with pulling out data from MySQL



At 2004-03-25T22:14:48Z, andre@nullroute.co.uk writes:

> <html>
> <body>
> <?php
> $db = mysql_connect("localhost", "root");
> mysql_select_db("dtrackLog",$db);
> if ($submit) {
>   if ($ExID) {
>     $sql = "UPDATE TL_Exploit SET
> LogID='$LogID',OfficialName='$OfficialName',BugTraqID='$BugTraqID',PublishedDate='$PublishedDate',Type='$Type',Range='$Range',Damage='$Damage',OnlineReferences='$OnlineReferences',
> SoftwareAffected='$SoftwareAffected',NotVulnerable='$NotVulnerable',Symptoms='$Symptoms',HowTo='$HowTo',ObjectAffected='$ObjectAffected',Discussion='$Discussion',Credits='$Credits',WHERE
> ExID=$ExID";

You're relying on a major security flaw in PHP (injecting GET/POST data into
the global namespace) for functionality.  Also, your database queries are
incredibly dangerous; google for "SQL injection" for more information.

Basically, I could 0wn your website in about 5 minutes, and so could anyone
else so motivated.  I suggest you take this offline immediately until it can
be fixed.
-- 
Kirk Strauser
In Googlis non est, ergo non est.
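
The two problems named in the reply above, handled in one place, as an added example that is not part of the original thread: request values are read explicitly from `$_POST` instead of from register_globals variables, and the UPDATE uses a prepared statement. The table and column names come from the quoted script; the function name, the column subset and the in-memory SQLite demo (which assumes the pdo_sqlite extension) are assumptions so the block runs offline.

```php
<?php
// Added example, not the poster's code. Column names are taken from the quoted
// script; this allowlist is a subset chosen for illustration.
const EXPLOIT_COLUMNS = ['LogID', 'OfficialName', 'BugTraqID', 'PublishedDate', 'Discussion', 'Credits'];

// Hypothetical helper: update one TL_Exploit row from an explicit request array.
function updateExploit(PDO $db, array $post): int
{
    // ExID must be a positive integer; anything else is rejected, never interpolated.
    $exId = filter_var($post['ExID'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($exId === false) {
        throw new InvalidArgumentException('ExID must be a positive integer');
    }
    $sets = [];
    $params = [':ExID' => $exId];
    foreach (EXPLOIT_COLUMNS as $col) {
        if (isset($post[$col]) && is_string($post[$col])) {
            $sets[] = "$col = :$col";        // identifier comes from the constant, not the request
            $params[":$col"] = $post[$col];  // value is bound, so it never becomes SQL text
        }
    }
    if ($sets === []) {
        return 0; // nothing to change
    }
    $stmt = $db->prepare('UPDATE TL_Exploit SET ' . implode(', ', $sets) . ' WHERE ExID = :ExID');
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Offline demo on in-memory SQLite (assumption; the thread uses MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE TL_Exploit (ExID INTEGER PRIMARY KEY, LogID TEXT, OfficialName TEXT,
           BugTraqID TEXT, PublishedDate TEXT, Discussion TEXT, Credits TEXT)');
$db->exec("INSERT INTO TL_Exploit (ExID, OfficialName) VALUES (1, 'first'), (2, 'second')");

// Constructed request data: a value that would rewrite the WHERE clause of the
// string-built query, plus a key that is not an allowlisted column.
$post = ['ExID' => '1', 'OfficialName' => "x' WHERE 1=1 -- ", 'submit' => 'Save'];
echo updateExploit($db, $post), " row(s) updated\n";
foreach ($db->query('SELECT ExID, OfficialName FROM TL_Exploit') as $row) {
    echo $row['ExID'], ': ', $row['OfficialName'], "\n";
}
```

The quote-bearing value is stored verbatim in row 1 and row 2 is left unchanged, because the bound value is never parsed as SQL.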
