Author Topic: Security Fix: frame.php  (Read 2063 times)

0 Members and 1 Guest are viewing this topic.

Offline 757jterrell

  • Hero Member
  • *****
  • Posts: 1629
    • View Profile
    • PTC Factory
Security Fix: frame.php
« on: October 29, 2010, 04:37:20 PM »
With the cooperation of Scott Klarr (http://diffusionstudios.com/) we are pleased to release this security update:

This will prevent people from uploading free credits into your  ads.

Go to your frame.php file, line 19 to 23 and add what is in bold:

include("header.php");

$id = mysql_real_escape_string($_REQUEST['id']);

$sql = $Db1->query("SELECT * FROM $type WHERE id='$id'");

Offline Claudeski

  • Newbie
  • *
  • Posts: 28
    • View Profile
Re: Security Fix: frame.php
« Reply #1 on: October 30, 2010, 07:38:59 PM »
Thanks for the additional fix but even with this I'm still getting link ads both created and modified.

Offline 757jterrell

  • Hero Member
  • *****
  • Posts: 1629
    • View Profile
    • PTC Factory
Re: Security Fix: frame.php
« Reply #2 on: October 31, 2010, 10:21:13 AM »
can I ask what version of the script you are using?? it may help us identify what the problem is.

Offline Claudeski

  • Newbie
  • *
  • Posts: 28
    • View Profile
Re: Security Fix: frame.php
« Reply #3 on: October 31, 2010, 06:25:05 PM »
I'm still using MRV3.

Offline 757jterrell

  • Hero Member
  • *****
  • Posts: 1629
    • View Profile
    • PTC Factory
Re: Security Fix: frame.php
« Reply #4 on: October 31, 2010, 06:51:34 PM »

Offline Claudeski

  • Newbie
  • *
  • Posts: 28
    • View Profile
Re: Security Fix: frame.php
« Reply #5 on: November 01, 2010, 02:05:55 AM »
Have you done these things already?

http://auroraadmintraining.info/index.php/topic,152.0.html

My config.php had a permission of 0666 instead of 0777 or 0664 but has now been changed, could this have been the problem?. Otherwise, all those holes have been fixed.

Offline 757jterrell

  • Hero Member
  • *****
  • Posts: 1629
    • View Profile
    • PTC Factory
Re: Security Fix: frame.php
« Reply #6 on: November 01, 2010, 04:57:03 PM »
Yes that would do it, permission 0666 allows people to access and write to your database. Change it to 0644 ASAP.

Offline Claudeski

  • Newbie
  • *
  • Posts: 28
    • View Profile
Re: Security Fix: frame.php
« Reply #7 on: November 01, 2010, 06:55:12 PM »
Yes that would do it, permission 0666 allows people to access and write to your database. Change it to 0644 ASAP.

Yep already changed. Thanks for the help.

Offline syaikhoni

  • Newbie
  • *
  • Posts: 19
    • View Profile
    • Simple get money Online
Re: Security Fix: frame.php
« Reply #8 on: April 14, 2011, 03:51:54 AM »
ok thaks