Ich weis zwar jetzt nich was Du meinst,aber was solls.
Nicht? Das ist traurig, solange wie du schon dabei bist sollte man meinen das du das selbst siehst. Es werden weder Ausgaben noch Eingaben gefiltert.
Wo ist was nicht abgesichert, und was ist Schrott?
Überall!
Auszug aus microcms-admin-login.php:
$sql = '
SELECT *
FROM microcms_administrators
WHERE administrators_username = "' . $_POST['administrators_username'] . '" and
administrators_pass = PASSWORD("' . $_POST['administrators_pass'] . '")';
$user_result = mysql_query($sql);Auszug aus microcms-admin-home.php:
if ($_GET['action'] == 'delete_blurb') {
$result = mysql_query('
SELECT *
FROM microcms_content_blurbs
WHERE content_blurbs_id = "' . $_GET['id'] . '"');
$row = mysql_fetch_array($result);
$delete = mysql_query('
DELETE FROM microcms_content_blurb_history
WHERE content_blurbs_variable = "' . $row['content_blurbs_variable'] . '"');
$delete = mysql_query('
DELETE FROM microcms_content_blurbs
WHERE content_blurbs_id = "' . $_GET['id'] . '"');
echo mysql_error();
$result_div .= getResultDiv('<strong>The blurb has been removed.</strong>','success');
}
/............../
$admin_block .= '
<tr>
<td class="' . $row_style . '">' . $row['administrators_id'] . '</td>
<td class="' . $row_style . '">' . $row['administrators_username'] . '</td>
<td class="' . $row_style . '">' . $level . '</td>
<td class="' . $row_style . '"><a href="mailto:' . $row['administrators_email'] . '">' . $row['administrators_email'] . '</a></td>
<td class="' . $row_style . '">
<a onClick="switchImage (\'micro_cms_files/images/plus.gif\',\'micro_cms_files/images/minus.gif\',\'admin_image_' . $row['administrators_id'] . '\')" href="javascript:toggleLayer(\'edit-' . $row['administrators_id'] . '\');"><img src="micro_cms_files/images/plus.gif" name="admin_image_' . $row['administrators_id'] . '" id="admin_image_' . $row['administrators_id'] . '" /></a>
<div class="hidden highlighted-border" id="edit-' . $row['administrators_id'] . '">
<form action="microcms-admin-home.php" method="post">
<input type="hidden" name="action" value="change_password" />
<input type="hidden" name="administrators_id" value="' . $row['administrators_id'] . '" />
New Pass: <input type="text" size="10" name="administrators_password" />
<input type="submit" value="Change Pass >" />
</form>
</div>
</td>
<td class="' . $row_style . ' nowrap">
<form action="microcms-admin-home.php" method="post">
<input type="hidden" name="action" value="delete_admin" />
<input type="hidden" name="administrators_id" value="' . $row['administrators_id'] . '" />
<input type="submit" value="Delete" onclick="return confirm(\'Are you sure you want to delete the following administrator: ' . $row['administrators_username'] . '?\')" />
</form>
</td>
</tr>';
}
Übrigens habe ich genau diese Meldung von einem Tracker erhalten.
Mit recht, ist ja auch Schrott ;-)