With the cooperation of Scott Klarr (http://diffusionstudios.com/) we are pleased to release this security update:
This will prevent people from uploading free credits into your featured banners. Please also use the security fix for the wizards/fbanners.php file.
EDIT: Link for wizards/fbanners.php fix:
http://auroraadmintraining.info/index.php/topic,1002.0.html
You will want to cut and paste this entire code into your file:
<?php
include("config.php");
include("includes/mysql.php");
$Db1 = new DB_sql;
$Db1->connect($DBHost, $DBDatabase, $DBUser, $DBPassword);
// Escape the id after connecting: mysql_real_escape_string() needs an open connection.
$id = mysql_real_escape_string($_REQUEST['id']);
// Look up the banner, then count the click.
$sql2=$Db1->query("SELECT * FROM fbanners WHERE id='$id'");
$banner=$Db1->fetch_array($sql2);
$sql=$Db1->query("UPDATE fbanners SET clicks=clicks+1 WHERE id='$id'");
$Db1->sql_close();
// Send the visitor on to the banner's target URL and stop the script.
header("Location: $banner[target]");
exit;
?>
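The same click-tracking redirect written with an integer check and PDO prepared statements, as an added example that is not part of the original post or the project's own code. It assumes config.php defines the four $DB... variables used above, that banner ids are positive integers, and that the PDO MySQL driver is installed; the fbanners columns are the ones the script above already uses.

```php
<?php
// Added example: assumes config.php sets $DBHost, $DBDatabase, $DBUser, $DBPassword.
include("config.php");

// Accept only a positive integer id (assumption: banner ids are integers).
// Anything else is rejected before a query is built.
$id = filter_var(
    $_GET['id'] ?? null,
    FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]
);
if ($id === false) {
    http_response_code(400);
    exit('Invalid banner id');
}

$pdo = new PDO(
    "mysql:host=$DBHost;dbname=$DBDatabase",
    $DBUser,
    $DBPassword,
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        // Send the statement and the value to the server separately.
        PDO::ATTR_EMULATE_PREPARES => false,
    ]
);

// The id travels as a bound parameter, never as part of the SQL text.
$stmt = $pdo->prepare("SELECT target FROM fbanners WHERE id = ?");
$stmt->execute([$id]);
$target = $stmt->fetchColumn();

// Unknown id: do not count a click and do not emit an empty Location header.
if ($target === false) {
    http_response_code(404);
    exit('Unknown banner');
}

$update = $pdo->prepare("UPDATE fbanners SET clicks = clicks + 1 WHERE id = ?");
$update->execute([$id]);

header("Location: " . $target);
exit;
```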