Why is it that the psu threads are always either annoying or amusing?
:popcorneaters:
GB auctions wrote: I took the easy option here, and used the issue to fully upgrade the script to the latest version which came out in September. That has many new features and all updated security fixes.
PHPProBid has yet to release a security fix for the security hole that was discovered on September 19th. The version he upgraded to has an easily hacked security hole (see exploit code below).
Quote: PHP Pro Bid Multiple SQL Injection Vulnerabilities
Secunia Advisory: SA31981
Release Date: 2008-09-23
Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched
Software: PHP Pro Bid 6.x
http://secunia.com/Advisories/31981/
http://www.networksecurityarchive.org/ht...00210.html
Exploit example published September 19, 2008:
Code:
http://example.com/phpprobidlocation/categories.php?start=0&limit=20&parent_id=669&keywords_cat_search=&buyout_price=&reserve_price=&quantity=&enable_swap=&order_field=(select%201)x&order_type=%20
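The payload above works because the sort parameters end up inside the SQL text rather than being treated as data. The following is an added illustration of the defensive pattern, not PHP Pro Bid's own code: the table name, column names and function names are assumptions made for the example, and only the request parameter names (order_field, order_type, parent_id, start, limit) are taken from the advisory URL. It contrasts a hypothetical unsafe query builder with one that maps the requested sort column and direction through fixed allow-lists and binds every other value, then runs the advisory's payload against an in-memory SQLite table to show the hardened version simply falls back to a default sort.

```php
<?php
// Added example; not PHP Pro Bid's code. Table/column/function names are assumed.

// Hypothetical unsafe pattern: request values concatenated into ORDER BY.
// With order_field=(select 1)x the sort clause becomes attacker-controlled SQL.
function build_listing_sql_unsafe(array $get): string
{
    $field = $get['order_field'] ?? 'end_time';
    $type  = $get['order_type']  ?? 'ASC';
    return "SELECT * FROM auctions WHERE parent_id = " . (int)($get['parent_id'] ?? 0)
         . " ORDER BY $field $type";
}

// Hardened form: the sort column and direction are looked up in allow-lists,
// so request data never reaches the SQL text; numeric inputs are bound.
const ALLOWED_ORDER_FIELDS = [
    'end_time' => 'a.end_time',
    'price'    => 'a.current_bid',
    'bids'     => 'a.bid_count',
    'name'     => 'a.name',
];
const ALLOWED_ORDER_TYPES = ['asc' => 'ASC', 'desc' => 'DESC'];

// Returns [column, direction]; anything not on the allow-list becomes the default.
function resolve_order(array $get): array
{
    $field  = $get['order_field'] ?? '';
    $type   = strtolower($get['order_type'] ?? '');
    $column = ALLOWED_ORDER_FIELDS[$field] ?? ALLOWED_ORDER_FIELDS['end_time'];
    $dir    = ALLOWED_ORDER_TYPES[$type]   ?? 'ASC';
    return [$column, $dir];
}

function build_listing_stmt(PDO $db, array $get): PDOStatement
{
    [$column, $dir] = resolve_order($get);
    // $column and $dir come only from our own constants, never from the request.
    $sql  = "SELECT a.* FROM auctions a WHERE a.parent_id = :parent_id "
          . "ORDER BY $column $dir LIMIT :start, :limit";
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':parent_id', (int)($get['parent_id'] ?? 0), PDO::PARAM_INT);
    $stmt->bindValue(':start', max(0, (int)($get['start'] ?? 0)), PDO::PARAM_INT);
    $stmt->bindValue(':limit', min(100, max(1, (int)($get['limit'] ?? 20))), PDO::PARAM_INT);
    return $stmt;
}

// Constructed request mirroring the query string in the advisory example.
$payload = [
    'start' => '0', 'limit' => '20', 'parent_id' => '669',
    'order_field' => '(select 1)x', 'order_type' => ' ',
];

// Unsafe builder: the subselect lands verbatim in ORDER BY.
echo build_listing_sql_unsafe($payload), "\n";

// Hardened builder against a constructed in-memory table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE auctions (id INTEGER PRIMARY KEY, parent_id INTEGER, name TEXT,
           current_bid REAL, bid_count INTEGER, end_time INTEGER)");
$db->exec("INSERT INTO auctions VALUES (1, 669, 'lamp', 5.0, 2, 200),
           (2, 669, 'chair', 12.5, 0, 100)");

[$column, $dir] = resolve_order($payload);
echo "resolved sort: $column $dir\n";   // a.end_time ASC: the payload was discarded
$stmt = build_listing_stmt($db, $payload);
$stmt->execute();
foreach ($stmt as $row) {
    echo $row['id'], ' ', $row['name'], "\n";
}
```

The allow-list maps a short public key to the real column expression, so the request never names a column directly and unknown values degrade to a default sort instead of an error or an injected subquery. Binding the pagination values with PDO::PARAM_INT closes the same class of hole in start and limit.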