News and announcements will be posted here.
The Beatles
Fear me for I am root
Posts: 6285 Joined: Tue May 24, 2005 8:12 pm
Post
by The Beatles Sun Jan 29, 2006 1:13 am
I've started looking over the FAF code for potential security holes proactively. I've found one potentially dangerous issue already, results will be posted once the code audit is over.
:wq
The Beatles
Fear me for I am root
Posts: 6285 Joined: Tue May 24, 2005 8:12 pm
Post
by The Beatles Sun Jan 29, 2006 11:46 pm
At least one definite SQL injection bug has been found (and fixed). Removed, so script kiddies don't run wild with other Promi variants in the wild. ~Beatles
:wq
Turock
Forum Maniac
Posts: 289 Joined: Sat Jan 07, 2006 12:45 am
Contact:
Post
by Turock Mon Jan 30, 2006 4:01 am
I'm assuming that:Removed, so script kiddies don't run wild with other Promi variants in the wild. ~Beatles
The Beatles
Fear me for I am root
Posts: 6285 Joined: Tue May 24, 2005 8:12 pm
Post
by The Beatles Mon Jan 30, 2006 5:08 am
I used $contentious_variable = mysql_real_escape_string($contentious_variable);Removed, so script kiddies don't run wild with other Promi variants in the wild. ~Beatles
:wq
Turock
Forum Maniac
Posts: 289 Joined: Sat Jan 07, 2006 12:45 am
Contact:
Post
by Turock Mon Jan 30, 2006 12:22 pm
I guess its all basically the same. I will use your method so the scripts remain similar.
Turock
Forum Maniac
Posts: 289 Joined: Sat Jan 07, 2006 12:45 am
Contact:
Post
by Turock Wed Feb 01, 2006 3:13 am
I should have posted that in a PM
Sorry.
The Beatles
Fear me for I am root
Posts: 6285 Joined: Tue May 24, 2005 8:12 pm
Post
by The Beatles Wed Feb 01, 2006 6:20 am
I was the indiscreet one to start with. I had been so surprised by the vulnerabilities.
:wq
Members connected in real time
Sorry. 