03-03-2008, 04:40 PM
Tempest
Quote:
Originally Posted by teksonline View Post
Sorry to say but some of the worst code I have seen in a while comes from this Tevs script..

Appears this script is built for hacker heaven as it accepts database queries from any ip and site is injectable with anything you care to run on it...

all you need...is to know who is using tevs and you can own all their traffic..

Appears all data being managed by this script is unsanitized.

I'll further up the analysis of this script as give time for owner to patch it up quickly, well if he can, it appears he hasn't brushed up on his skills in many years.

If you are running tevs, I would disable all input from surfers until fixed.

In 48 hours, if not fixed I will post simple exploit
Email your info to Dean... I know they're busy working on v1.1 to fix a lot of things including stuff like this but would be great if you gave him some specifics to work on...