ibda12u Posted February 20, 2007

Hello,

I use the x protection version 1.10 script, which basically is a script that allows you to control user access on a specific page, using either an existing mysql database or using encrypted sha1 passwords. I've used this script a bit in the past, but the developer has stopped work on the project, and as of late there has been a security issue, as described here: http://secunia.com/advisories/21282

"Input passed to the "username" and "password" form field parameters in protect.php is not properly sanitized before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation can be used to bypass authentication, but requires that "magic_quotes_gpc" is disabled. The vulnerabilities have been confirmed in version 1.10. Other versions may also be affected."

I'm curious if anyone knows what I could do to fix the code, to make it properly sanitize the field parameters? Any ideas?
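The kind of fix the question asks about, as an added example that is not part of the original post and is not X-Protection's own code: a login check built by string concatenation next to the same check using a bound parameter. The `users` table, its columns and the function names `login_concat` and `login_prepared` are hypothetical, and an in-memory SQLite database (PDO with the pdo_sqlite extension, PHP 7 or later) stands in for MySQL so the script runs offline.

```php
<?php
// Added example: hypothetical schema and function names, not protect.php.
// SQLite in memory stands in for MySQL; with MySQL only the PDO DSN changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_sha1 TEXT)');
$ins = $db->prepare('INSERT INTO users (username, password_sha1) VALUES (?, ?)');
$ins->execute(['alice', sha1('correct horse')]); // constructed sample account

// Vulnerable pattern: the form value becomes part of the SQL text, so a quote
// in $user ends the string literal and the rest is parsed as SQL.
function login_concat(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT COUNT(*) FROM users WHERE username = '$user' "
         . "AND password_sha1 = '" . sha1($pass) . "'";
    return (int) $db->query($sql)->fetchColumn() > 0;
}

// Hardened pattern: the placeholder sends $user as data only. The stored hash
// is compared in PHP with hash_equals(), which is constant-time.
// SHA-1 is used here only because the post says the script stores SHA-1 hashes.
function login_prepared(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT password_sha1 FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn();
    return is_string($stored) && hash_equals($stored, sha1($pass));
}

// Constructed inputs: a valid login, a wrong password, and a username that
// contains a quote followed by an SQL comment marker.
$cases = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["alice' --", 'wrong'],
];
foreach ($cases as [$user, $pass]) {
    printf(
        "%-12s concat=%-5s prepared=%s\n",
        $user,
        var_export(login_concat($db, $user, $pass), true),
        var_export(login_prepared($db, $user, $pass), true)
    );
}
```

The bound-parameter version does not depend on the `magic_quotes_gpc` setting that the advisory mentions.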