Thread: Is your NATS hacked ?
View Single Post
Old 12-22-2007, 04:40 AM  
borked
Totally Borked
 
borked's Avatar
 
Industry Role:
Join Date: Feb 2005
Posts: 6,284
Quote:
Originally Posted by quantum-x View Post
Please don't patronize me. I've worked very closely w/ NATS and CARMA since they were in beta.
I have personally tested and proved SQL injections against NATS and CARMA [and dutifully reported them]. I have looked at the source of both, and literally just took a scroll through it again. There are exploitable areas. I haven't seen a mysql_real_escape_string anywhere in the code I saw, and 6 months ago, there were definite issues. HTML_special_chars / [and god forbid] addslashes and the ilk are not sql protection.

Check out - http://www.gofuckyourself.com/showpo...&postcount=218

I know programmers love to piss on each other, but the fact of the matter is that basically ANY script online is susceptible to attack, whether it be by the script itself, or the frameworks that support it.
Interesting...
How many people have access to the open source of NATS? Surely the only way to know where these exploits are, if what you say is correct, is to have access to the source.

How come you have access to the source?
__________________

For coding work - hit me up on andy // borkedcoder // com
(consider figuring out the email as test #1)


All models are wrong, but some are useful. George E.P. Box. p202
borked is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote