Quote:
Originally Posted by quantum-x
Please don't patronize me. I've worked very closely w/ NATS and CARMA since they were in beta.
I have personally tested and proved SQL injections against NATS and CARMA [and dutifully reported them]. I have looked at the source of both, and literally just took a scroll through it again. There are exploitable areas. I haven't seen a mysql_real_escape_string anywhere in the code I saw, and 6 months ago, there were definite issues. HTML_special_chars / [and god forbid] addslashes and the ilk are not sql protection.
Check out - http://www.gofuckyourself.com/showpo...&postcount=218
I know programmers love to piss on each other, but the fact of the matter is that basically ANY script online is susceptible to attack, whether it be by the script itself, or the frameworks that support it.
|
You may be right, or they may be doing their escaping in the nats_db_query function or relying on magic_quotes_gpc. I don't have access to the nats source, but I'm working on a project with TMM and from the cleanliness of their code, I doubt they would make some noobish mistakes like not sanitizing user input.
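
The point argued above about addslashes and HTML escaping, as an added example that is not part of either post and is not NATS or CARMA code: a value expected to be a numeric id passes through both filters unchanged and is concatenated unquoted into a query, next to the same lookup with a bound parameter. The in-memory SQLite table, the sample input and the function names are assumptions made for illustration.

```php
<?php
// Added example: constructed table and input, run against in-memory SQLite via PDO.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO members (name) VALUES ('alice'), ('bob'), ('carol')");

// Constructed request value for a parameter the application treats as an integer id.
$input = '1 OR 1=1';

// addslashes() only touches quotes, backslashes and NUL; htmlspecialchars()
// only touches HTML metacharacters. This input contains none of them.
$filtered = htmlspecialchars(addslashes($input));

// "Before": the filtered value lands in an unquoted numeric context,
// so the database parses it as part of the WHERE expression.
function lookup_concatenated(PDO $db, string $filtered): array {
    $sql = 'SELECT name FROM members WHERE id = ' . $filtered;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// "After": the value is bound as data and never parsed as SQL.
function lookup_bound(PDO $db, string $raw): array {
    $stmt = $db->prepare('SELECT name FROM members WHERE id = ?');
    $stmt->execute([$raw]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Stricter still for numeric parameters: reject anything that is not an integer.
function lookup_validated(PDO $db, string $raw): array {
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];
    }
    return lookup_bound($db, (string) $id);
}

printf("filters changed the input: %s\n", $filtered === $input ? 'no' : 'yes');
printf("concatenated query rows:   %d\n", count(lookup_concatenated($db, $filtered)));
printf("bound parameter rows:      %d\n", count(lookup_bound($db, $input)));
printf("validated lookup rows:     %d\n", count(lookup_validated($db, $input)));
```

The same comparison applies to input that has only been through magic_quotes_gpc, which applied addslashes-style escaping to request data and was removed in PHP 5.4.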