PhoenixPHP exploit fix!

I hate PhoenixPHP but I like PHP and fixing exploits so here goes...

1. Open index.php
2. Search for: elseif(isset($_GET["error"]) && $_GET["error"] == "ban")
3. Replace the lines of under it with this;

PHP Code:

---

                if(isset($_GET["user"]))
                {
                    $query = mysql_query("SELECT * FROM bans WHERE value = '".$core->EscapeString($_GET["user"])."' AND expire > UNIX_TIMESTAMP() ORDER BY expire DESC LIMIT 1");
                }
                elseif(isset($_GET["ip"]))
                {
                    $query = mysql_query("SELECT * FROM bans WHERE value = '".$core->EscapeString($_GET["ip"])."' AND expire > UNIX_TIMESTAMP() ORDER BY expire DESC LIMIT 1");
                } 


---

What exploit is this and without it what can the exploit do?

Quote:

---

Originally Posted by wy479

What exploit is this and without it what can the exploit do?

---

I'm not sure what it can do, I just added $core->EscapeString before $_GET['ip'];

This fix prevents SQL injection......

Quote:

---

Originally Posted by leenster

This fix prevents SQL injection......

---

This. :P

This fixes the most commonly known sql injection exploit, which can be exploited with the software "Havij".

nice fix once again
Posted via Mobile Device

Thanks

Awesome

Thnaks this will be added right away and your register fix

I tried on 2 of index nothing beacuse i got many fails on my retro home

Thank You so much, This is so commonly used.

http://Site/index.php?error=ban&user=%Inject_here%

Thats the fix for it!

Thanks for this.

Nice.

Lesson: Never use raw commands.

I added this, As soon as you go on site it says you are banned but you can sign in :S, I dont think its worth it. Anyone got a fix?