by ghostintheshell on Fri May 02, 2008 7:13 pm (see Re: Extbasic 7)
This one left me clueless. The code looks funny to begin with, given that it asks for POST reqs and gets a GET. And the fact that there isn't a db connection explicit in the code throws me off too. I don't really write PHP, but I can write a web app in it (with holes). I looked up the functions being used and they all seemed fine minus the db connection thing. I am missing something, obviously. Can anyone think of a non-spoiling way to point me in the right direction?
by sharpskater69 on Sat May 03, 2008 1:06 pm (see Re: Extbasic 7)
My main conflict is that I see like 3 things that aren't exactly sound in the code. I don't know if it's a screw-up or it's supposed to be what we patch. I've looked up vulnerabilities certain things have, as well as functions to use to patch them. In reality, that snippet wouldn't even work since the variables are $_POST data and the form uses $_GET to send the data (try it if you don't believe me). I'm not going to mention code or line numbers, but I see a potential SQL problem and an XSS one. Am I on the right track with these?