[Release] PHP (CMS) Patch Exploits!

[Mister. M]

Hello Forum.Ragezone.com,


Have released this on Otaku already.
And yes. Im EvilCoder on that! No leech.

First of all. Don't come here to flame/insult other ppl.
This is an PHP code. That will get rid of all injects.

Go to the config.php file. Where you have edit the mysql data.
Paste this into the file on the top or bottom. Doesn't matter.

Code:

    foreach ($_POST as $key => $value)
    {
        $_POST[$key] = htmlspecialchars($value, ENT_QUOTES);
    } 




    foreach ($_GET as $key => $value)
    {
            $_GET[$key] = htmlspecialchars($value, ENT_QUOTES);
    }

Just make shure its between ' <?php ' && ' ?> '
Now when you did that. You're cms is fully patched.

Remember it will only work for the pages who includes the file: config.php!

Works on every page. Every cms. Every php version.

Your kindly,
EvilCoder or Mister. M

[nickymonsma]

what is it? an exploit or a anti exploit

[donszeh]

what is it? an exploit or a anti exploit

Learn reading, It's an script that you paste in config.php and every page that include's config.php is exploit patched.
So it's an anti-exploit.

Little RIP off from

http://forum.ragezone.com/f353/phoen...ection-807809/

/TROLLFACE uMad?

[imstr]

Little RIP off from

http://forum.ragezone.com/f353/phoen...ection-807809/

/TROLLFACE uMad?

it looks like a rip off from mine

[Muscab]

Actually, I think it is. But he edited the script a little bit? Damn.

How noob can he be?

He's pretty noob.
Because he say's im C# pro, But he's still using Phoenix?

Calm down,
--

Thanks for contributing to the ragezone habbo section.

[Superfun]

This stopts XSS, NOT injects!!!!!

[ησвяαιη]

This stopts XSS, NOT injects!!!!!

What this guy said.

[scottstamp851]

Yeah, filtering for html special characters filters out stuff like < and > to their HTML-valid counterparts. It only blocks XSS, you can still perform SQL injections, and even with XSS injection there are typically ways around it.

Don't trust this to "secure" your CMS.

[MerijnZ]

@donszeh,
You are actually a skid; Why are you posting crap? If you don't know what you're saying. You said you need to put it in your configuration? false. You need to put it into a global page.

Ehm, if you wanna fix it, you can use you're phoenix filter? Not that hard:

Code:

    foreach ($_POST as $key => $value)
    {
        $_POST[$key] = $core->EscapeString($value);
    } 




    foreach ($_GET as $key => $value)
    {
            $_GET[$key] = $core->EscapeString($value);
    }

Goodluck.

[Ron]

How did you "release" something that has been in PHP since before you even decided to learn it?

[donszeh]

@donszeh,
You are actually a skid; Why are you posting crap? If you don't know what you're saying. You said you need to put it in your configuration? false. You need to put it into a global page.

Ehm, if you wanna fix it, you can use you're phoenix filter? Not that hard:

Code:

    foreach ($_POST as $key => $value)
    {
        $_POST[$key] = $core->EscapeString($value);
    } 




    foreach ($_GET as $key => $value)
    {
            $_GET[$key] = $core->EscapeString($value);
    }

Goodluck.

Errmmm sorry for you mate.

Go to the config.php file. Where you have edit the mysql data.
Paste this into the file on the top or bottom. Doesn't matter.

Did say "Mister.M" not me.--"

And actually, You think i'm a skid. I know what i can do to people, Where i'm good at. And i'm not gonna "Show" it to people i know.

last 3 years defaced 200 websites mate =]

[MerijnZ]

Errmmm sorry for you mate.

Go to the config.php file. Where you have edit the mysql data.
Paste this into the file on the top or bottom. Doesn't matter.

Did say "Mister.M" not me.--"

And actually, You think i'm a skid. I know what i can do to people, Where i'm good at. And i'm not gonna "Show" it to people i know.

last 3 years defaced 200 websites mate =]

Did i talk about defacements? No. I have defaced 800+ domains this week, so what? Rooted the webservers.

I talk about your newbie response, not your actions.

Edit: There is a 'global' page at PhoenixPHP and another Content Management Systems, The configuration is not the right place.

[Law]

Did i talk about defacements? No. I have defaced 800+ domains this week, so what? Rooted the webservers.

I talk about your newbie response, not your actions.

Edit: There is a 'global' page at PhoenixPHP and another Content Management Systems, The configuration is not the right place.

Oh, we gonna talk about defacing websites?

Well I have defaced 0 websites cause I'm not a asshole to other people.

Stop braggin' about it, mkay? ;)

[MerijnZ]

Oh, we gonna talk about defacing websites?

Well I have defaced 0 websites cause I'm not a asshole to other people.

Stop braggin' about it, mkay? ;)

Cool story.

[Davidaap]

Did i talk about defacements? No. I have defaced 800+ domains this week, so what? Rooted the webservers.

I talk about your newbie response, not your actions.

Edit: There is a 'global' page at PhoenixPHP and another Content Management Systems, The configuration is not the right place.