Quote:
Originally Posted by teksonline
Sorry to say, but some of the worst code I have seen in a while comes from this Tevs script...
Appears this script is built for hacker heaven, as it accepts database queries from any IP and the site is injectable with anything you care to run on it...
All you need... is to know who is using tevs and you can own all their traffic.
Appears all data being managed by this script is unsanitized.
I'll further up the analysis of this script as I give time for the owner to patch it up quickly, well, if he can; it appears he hasn't brushed up on his skills in many years.
If you are running tevs, I would disable all input from surfers until fixed.
In 48 hours, if not fixed, I will post a simple exploit.
Accepting DB connections from any IP has nothing to do with PHP. It has to do with MySQL user settings and firewalls. Restrict the MySQL user to accept connections from localhost only, as well as firewall out your MySQL port.
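An added example, not part of the original posts: a small audit for the two MySQL-side settings the reply names, which flags accounts whose host entry admits non-local clients and checks whether the `[mysqld]` section leaves the port listening off-host. The account names and both config snippets are constructed, and it assumes the account list comes from `SELECT user, host FROM mysql.user` in tab-separated form.

```python
import re

LOCAL = {"localhost", "127.0.0.1", "::1"}

def remote_accounts(user_rows):
    """(user, host) pairs whose host entry admits non-local clients.
    user_rows: output of  mysql -N -B -e "SELECT user, host FROM mysql.user"
    """
    pairs = []
    for line in user_rows.splitlines():
        if line.strip():
            user, _, host = line.partition("\t")
            if host.strip().lower() not in LOCAL:
                pairs.append((user, host.strip()))
    return pairs

def listens_remotely(my_cnf):
    """True if [mysqld] leaves the TCP port reachable from other hosts."""
    section, bind, networking = None, None, True
    for raw in my_cnf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "mysqld":
            key, _, value = line.partition("=")
            key = key.strip().lower().replace("_", "-")
            if key == "skip-networking":
                networking = value.strip().lower() in ("0", "off", "false")
            elif key == "bind-address":
                bind = value.strip().lower()
    # With no bind-address set, the server listens on all interfaces.
    return networking and (bind is None or bind not in LOCAL)

# Constructed sample input; account names are hypothetical.
SAMPLE_USERS = "root\tlocalhost\napp_user\t%\nreport\t10.0.0.%\n"
WEAK_CNF = "[mysqld]\nport = 3306\nbind-address = 0.0.0.0\n"
FIXED_CNF = "[client]\nport = 3306\n[mysqld]\nbind-address = 127.0.0.1\n"

if __name__ == "__main__":
    for user, host in remote_accounts(SAMPLE_USERS):
        print(f"remote login allowed: '{user}'@'{host}'")
    print("weak config listens remotely:", listens_remotely(WEAK_CNF))
    print("fixed config listens remotely:", listens_remotely(FIXED_CNF))
```

A clean result here covers only the MySQL account and listener settings; the firewall rule on the MySQL port is a separate check.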