PhoenixPHP exploit fix!

  1. #1
    "(still lacks brains)" NoBrain is offline

    PhoenixPHP exploit fix!

    I hate PhoenixPHP but I like PHP and fixing exploits so here goes...

    1. Open index.php
    2. Search for: elseif(isset($_GET["error"]) && $_GET["error"] == "ban")
    3. Replace the lines under it with this:

    PHP Code:
    if(isset($_GET["user"]))
    {
        // Look up the newest unexpired ban for this username; the value is escaped before it enters the query.
        $query = mysql_query("SELECT * FROM bans WHERE value = '".$core->EscapeString($_GET["user"])."' AND expire > UNIX_TIMESTAMP() ORDER BY expire DESC LIMIT 1");
    }
    elseif(isset($_GET["ip"]))
    {
        // Same lookup keyed on the IP address, escaped the same way.
        $query = mysql_query("SELECT * FROM bans WHERE value = '".$core->EscapeString($_GET["ip"])."' AND expire > UNIX_TIMESTAMP() ORDER BY expire DESC LIMIT 1");
    }
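
An added example, not part of the original post and not PhoenixPHP's own code: the same ban lookup written with a PDO prepared statement, so the `user` or `ip` value is bound as a parameter instead of being concatenated into the query. The in-memory SQLite table, the `id` column, the 64-character limit and the function names `find_active_ban` and `ban_from_request` are assumptions made for illustration.

```php
<?php
// Added example. Constructed in-memory stand-in for the CMS's `bans` table;
// only `value` and `expire` come from the query in the post.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE bans (id INTEGER PRIMARY KEY, value TEXT, expire INTEGER)');
$ins = $pdo->prepare('INSERT INTO bans (value, expire) VALUES (?, ?)');
$ins->execute(['banned_user', time() + 3600]); // constructed: active ban
$ins->execute(['old_user', time() - 3600]);    // constructed: expired ban

// Hypothetical helper: newest unexpired ban row for $value, or null.
function find_active_ban(PDO $pdo, $value): ?array
{
    // Query-string values can be arrays (?user[]=x); accept short strings only.
    // The 64-character limit is an assumption, not a PhoenixPHP rule.
    if (!is_string($value) || $value === '' || strlen($value) > 64) {
        return null;
    }
    // Placeholders keep the value out of the SQL text entirely.
    // time() replaces MySQL's UNIX_TIMESTAMP() so the query is portable.
    $stmt = $pdo->prepare(
        'SELECT * FROM bans WHERE value = :value AND expire > :now
         ORDER BY expire DESC LIMIT 1'
    );
    $stmt->bindValue(':value', $value, PDO::PARAM_STR);
    $stmt->bindValue(':now', time(), PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Same branching as the post: look up by "user", otherwise by "ip".
function ban_from_request(PDO $pdo, array $get): ?array
{
    foreach (['user', 'ip'] as $key) {
        if (isset($get[$key])) {
            return find_active_ban($pdo, $get[$key]);
        }
    }
    return null;
}

// Constructed requests: active ban, expired ban, quote characters, array input.
$samples = [['user' => 'banned_user'], ['user' => 'old_user'],
            ['user' => "o'brien"], ['ip' => ['127.0.0.1']]];
foreach ($samples as $get) {
    var_dump(ban_from_request($pdo, $get));
}
```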


  2. #2
    Learning C# - Developer wy479 is offline

    Re: PhoenixPHP exploit fix!

    What exploit is this and without it what can the exploit do?

  3. #3
    "(still lacks brains)" NoBrain is offline

    Re: PhoenixPHP exploit fix!

    Quote (originally posted by wy479):
        What exploit is this and without it what can the exploit do?

    I'm not sure what it can do, I just added $core->EscapeString before $_GET['ip'];

  4. #4
    [̲̅$̲̅(̲̅1̲̅)̲̅$ ̲̅] leenster is offline

    Re: PhoenixPHP exploit fix!

    This fix prevents SQL injection......

  5. #5
    "(still lacks brains)" NoBrain is offline

    Re: PhoenixPHP exploit fix!

    Quote (originally posted by leenster):
        This fix prevents SQL injection......

    This. :P

  6. #6
    Resurrected Jam32 is offline

    Re: PhoenixPHP exploit fix!

    This fixes the most commonly known SQL injection exploit, which can be exploited with the software "Havij".

  7. #7
    sexiess is a sin. Subway is offline
    nice fix once again

  8. #8
    Apprentice Hebbos is offline

    Re: PhoenixPHP exploit fix!

    Thanks

  9. #9
    Learning C# - Developer wy479 is offline

    Re: PhoenixPHP exploit fix!

    Awesome

  10. #10
    Member CobraSnip is offline

    Re: PhoenixPHP exploit fix!

    Thanks, this will be added right away, and your register fix.

  11. #11
    Novice andreas1234 is offline

    Re: PhoenixPHP exploit fix!

    I tried on 2 of index nothing because I got many fails on my retro home

  12. #12
    Web Developer Papercup is offline

    Re: PhoenixPHP exploit fix!

    Thank you so much, this is so commonly used.

    http://Site/index.php?error=ban&user=%Inject_here%

    That's the fix for it!

  13. #13
    Account Upgraded | Title Enabled! DoctorCooper is offline

    Re: PhoenixPHP exploit fix!

    Thanks for this.

  14. #14
    Account Upgraded | Title Enabled! Wupz0r is offline

    Re: PhoenixPHP exploit fix!

    Nice.

    Lesson: Never use raw commands.

  15. #15
    Web Developer Papercup is offline

    Re: PhoenixPHP exploit fix!

    I added this, as soon as you go on site it says you are banned but you can sign in :S, I don't think it's worth it. Anyone got a fix?

  16. #16
    Account Upgraded | Title Enabled! Wupz0r is offline

    Re: PhoenixPHP exploit fix!

    Quote (originally posted by Seano2o6):
        I added this, as soon as you go on site it says you are banned but you can sign in :S, I don't think it's worth it. Anyone got a fix?

    PM, some of our PHP coders?

  17. #17
    "(still lacks brains)" NoBrain is offline

    Re: PhoenixPHP exploit fix!

    Quote (originally posted by Seano2o6):
        I added this, as soon as you go on site it says you are banned but you can sign in :S, I don't think it's worth it. Anyone got a fix?

    Wtf? It works perfectly, had no complaints apart from you... I don't see why it wouldn't work, try a fresh download of the CMS?

  18. #18
    I don't even know azaidi is offline

    Re: PhoenixPHP exploit fix!

    Works great?

    ---------- Post added at 05:04 PM ---------- Previous post was at 05:03 PM ----------

    Anyone know other things I can fix in PhoenixPHP? I'm going to release my PhoenixPHP Edit 1.0 over some time.

  19. #19
    "(still lacks brains)" NoBrain is offline

    Re: PhoenixPHP exploit fix!

    Quote (originally posted by azaidi):
        Works great?

        ---------- Post added at 05:04 PM ---------- Previous post was at 05:03 PM ----------

        Anyone know other things I can fix in PhoenixPHP? I'm going to release my PhoenixPHP Edit 1.0 over some time.

    You using my fixes in that? If so, credits...

  20. #20
    I don't even know azaidi is offline

    Re: PhoenixPHP exploit fix!

    K, I have put credits in the index.php for you?

  21. #21
    Account Upgraded | Title Enabled! Wupz0r is offline

    Re: PhoenixPHP exploit fix!

    If this doesn't work, you fail. Easy to add and it WORKS, no doubt.

  22. #22
    Alpha Member Danny is offline

    Re: PhoenixPHP exploit fix!

    Nice, it works. Just because people don't know how to do it doesn't mean it doesn't work.

  23. #23
    Account Upgraded | Title Enabled! Wupz0r is offline

    Re: PhoenixPHP exploit fix!

    Quote (originally posted by LattixEmu):
        Nice, it works. Just because people don't know how to do it doesn't mean it doesn't work.

    That's why n00bs are Lazy.


