PhoenixPHP exploit fix!

[NoBrain]

I hate PhoenixPHP but I like PHP and fixing exploits so here goes...

1. Open index.php
2. Search for: elseif(isset($_GET["error"]) && $_GET["error"] == "ban")
3. Replace the lines of under it with this;

PHP Code:

                if(isset($_GET["user"]))
                {
                    $query = mysql_query("SELECT * FROM bans WHERE value = '".$core->EscapeString($_GET["user"])."' AND expire > UNIX_TIMESTAMP() ORDER BY expire DESC LIMIT 1");
                }
                elseif(isset($_GET["ip"]))
                {
                    $query = mysql_query("SELECT * FROM bans WHERE value = '".$core->EscapeString($_GET["ip"])."' AND expire > UNIX_TIMESTAMP() ORDER BY expire DESC LIMIT 1");
                } 


[MentaL]

[wy479]

What exploit is this and without it what can the exploit do?

[NoBrain]

What exploit is this and without it what can the exploit do?

I'm not sure what it can do, I just added $core->EscapeString before $_GET['ip'];

[leenster]

This fix prevents SQL injection......

[NoBrain]

This fix prevents SQL injection......

This. :P

[Jam32]

This fixes the most commonly known sql injection exploit, which can be exploited with the software "Havij".

[Subway]

nice fix once again
Posted via Mobile Device

[Hebbos]

Thanks

[wy479]

Awesome

[CobraSnip]

Thnaks this will be added right away and your register fix

[andreas1234]

I tried on 2 of index nothing beacuse i got many fails on my retro home

[Papercup]

Thank You so much, This is so commonly used.

http://Site/index.php?error=ban&user=%Inject_here%

Thats the fix for it!

[DoctorCooper]

Thanks for this.

[Wupz0r]

Nice.

Lesson: Never use raw commands.

[Papercup]

I added this, As soon as you go on site it says you are banned but you can sign in :S, I dont think its worth it. Anyone got a fix?