Zitat:
Zitat von phenom
Ich weis zwar jetzt nich was Du meinst,aber was solls.
|
Nicht? Das ist traurig, solange wie du schon dabei bist sollte man meinen das du das selbst siehst. Es werden weder Ausgaben noch Eingaben gefiltert.
Zitat:
Zitat von phenom
Wo ist was nicht abgesichert, und was ist Schrott?
|
Überall!
Auszug aus microcms-admin-login.php:
PHP-Code:
$sql = '
SELECT *
FROM microcms_administrators
WHERE administrators_username = "' . $_POST['administrators_username'] . '" and
administrators_pass = PASSWORD("' . $_POST['administrators_pass'] . '")';
$user_result = mysql_query($sql);
Auszug aus microcms-admin-home.php:
PHP-Code:
if ($_GET['action'] == 'delete_blurb') {
$result = mysql_query('
SELECT *
FROM microcms_content_blurbs
WHERE content_blurbs_id = "' . $_GET['id'] . '"');
$row = mysql_fetch_array($result);
$delete = mysql_query('
DELETE FROM microcms_content_blurb_history
WHERE content_blurbs_variable = "' . $row['content_blurbs_variable'] . '"');
$delete = mysql_query('
DELETE FROM microcms_content_blurbs
WHERE content_blurbs_id = "' . $_GET['id'] . '"');
echo mysql_error();
$result_div .= getResultDiv('<strong>The blurb has been removed.</strong>','success');
}
/............../
$admin_block .= '
<tr>
<td class="' . $row_style . '">' . $row['administrators_id'] . '</td>
<td class="' . $row_style . '">' . $row['administrators_username'] . '</td>
<td class="' . $row_style . '">' . $level . '</td>
<td class="' . $row_style . '"><a href="mailto:' . $row['administrators_email'] . '">' . $row['administrators_email'] . '</a></td>
<td class="' . $row_style . '">
<a onClick="switchImage (\'micro_cms_files/images/plus.gif\',\'micro_cms_files/images/minus.gif\',\'admin_image_' . $row['administrators_id'] . '\')" href="javascript:toggleLayer(\'edit-' . $row['administrators_id'] . '\');"><img src="micro_cms_files/images/plus.gif" name="admin_image_' . $row['administrators_id'] . '" id="admin_image_' . $row['administrators_id'] . '" /></a>
<div class="hidden highlighted-border" id="edit-' . $row['administrators_id'] . '">
<form action="microcms-admin-home.php" method="post">
<input type="hidden" name="action" value="change_password" />
<input type="hidden" name="administrators_id" value="' . $row['administrators_id'] . '" />
New Pass: <input type="text" size="10" name="administrators_password" />
<input type="submit" value="Change Pass >" />
</form>
</div>
</td>
<td class="' . $row_style . ' nowrap">
<form action="microcms-admin-home.php" method="post">
<input type="hidden" name="action" value="delete_admin" />
<input type="hidden" name="administrators_id" value="' . $row['administrators_id'] . '" />
<input type="submit" value="Delete" onclick="return confirm(\'Are you sure you want to delete the following administrator: ' . $row['administrators_username'] . '?\')" />
</form>
</td>
</tr>';
}
Zitat:
Zitat von phenom
Übrigens habe ich genau diese Meldung von einem Tracker erhalten.
|
Mit recht, ist ja auch Schrott ;-)