Old 04-17-2008, 03:45 PM  
farkedup
Confirmed User
 
Join Date: Nov 2007
Location: Kalamazoo, MI
Posts: 2,490
With a quick scan, it looks like rating.php is the only file that actually takes user data. Up top, simply changing to this:
Code:
$gameid			= mysql_real_escape_string($_POST['gameid']);
$gameid2		= mysql_real_escape_string($_POST['gameid']);
$score			= mysql_real_escape_string($_POST['score']);
cleans the data before MySQL actually uses it. I'm going to keep looking around for anything outside the admin panel, but with a quick look that appears to be the only thing vulnerable.
__________________
-- QUOTE ME IT MAKES ME FEEL SPECIAL --
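An added example, not part of the original post or the script's own code: the same two inputs handled with integer validation and a prepared statement, which also covers the case where a value lands in the query unquoted and escaping alone would not constrain it. The `ratings` table, its columns, the 1-5 score range, the helper names and the in-memory SQLite database standing in for MySQL are all assumptions.

```php
<?php
// Added example. Table, columns, score range and helper names are assumptions.

/**
 * Validate a POST field as an integer within [$min, $max].
 * Returns null when the field is missing, not an integer, or out of range.
 */
function post_int(array $post, string $key, int $min, int $max): ?int
{
    if (!isset($post[$key]) || is_array($post[$key])) {
        return null;
    }
    $v = filter_var($post[$key], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

function save_rating(PDO $db, array $post): bool
{
    $gameid = post_int($post, 'gameid', 1, PHP_INT_MAX);
    $score  = post_int($post, 'score', 1, 5);      // assumed 1-5 rating scale
    if ($gameid === null || $score === null) {
        return false;                               // reject instead of querying
    }
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO ratings (gameid, score) VALUES (:gameid, :score)');
    $stmt->bindValue(':gameid', $gameid, PDO::PARAM_INT);
    $stmt->bindValue(':score', $score, PDO::PARAM_INT);
    return $stmt->execute();
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ratings (gameid INTEGER NOT NULL, score INTEGER NOT NULL)');

$samples = [                                        // constructed sample inputs
    ['gameid' => '12', 'score' => '4'],             // well-formed
    ['gameid' => '12abc', 'score' => '4'],          // no quotes to escape, still not an integer
    ['gameid' => '12', 'score' => '99'],            // out of range
    ['score' => '3'],                               // gameid missing
];
foreach ($samples as $post) {
    $result = save_rating($db, $post) ? 'stored' : 'rejected';
    printf("%-40s %s\n", json_encode($post), $result);
}
echo 'rows: ', $db->query('SELECT COUNT(*) FROM ratings')->fetchColumn(), "\n";
```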