A Few Bugs Including SQL Injection Exploit (1 post)

  1. L D
    Posted 4 years ago #

    Just FYI, there are some bugs I pointed out in the cevhershare port of your plugin which are not addressed in your latest version. Sorry, I know you don't like cevhershare but I didn't know about your plugin until recently so I posted my fixes there. Also, in sharebar-admin.php, it is easy to perform an SQL injection attack when the code captures the 'id' value from GET and POST. You may want to copy the cevhershare fix for that. See http://www.exploit-db.com/exploits/17891/ for the exploit.
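The kind of fix the post points to, as an added example that is not part of the original post and is not the Sharebar or cevhershare code: the 'id' request value is accepted only when it is all digits, and it reaches the database only through a prepared statement. It assumes it runs inside the WordPress admin, where `$wpdb` and `absint()` are available; the function names, the `example_buttons` table and its `id` column are hypothetical.

```php
<?php
// Added illustration: NOT the Sharebar or cevhershare source.
// Assumes WordPress is loaded (wp-admin), so $wpdb and absint() exist.
// The table suffix 'example_buttons' and the column 'id' are hypothetical.

/**
 * Read 'id' from POST or GET and return it as a positive integer,
 * or 0 when it is missing or not a plain run of digits.
 */
function example_get_button_id() {
    $raw = isset( $_POST['id'] ) ? $_POST['id']
         : ( isset( $_GET['id'] ) ? $_GET['id'] : null );

    // Refuse arrays, empty strings and anything containing non-digits
    // instead of trying to strip "bad" characters out of it.
    if ( ! is_string( $raw ) || ! ctype_digit( $raw ) ) {
        return 0;
    }
    return absint( $raw );
}

/** Load one row by id; the id is bound as an integer, never concatenated. */
function example_load_button() {
    global $wpdb;

    $id = example_get_button_id();
    if ( 0 === $id ) {
        return null;
    }

    $table = $wpdb->prefix . 'example_buttons';
    return $wpdb->get_row(
        $wpdb->prepare( "SELECT * FROM {$table} WHERE id = %d", $id )
    );
}

/** Delete one row by id; wpdb::delete() prepares the WHERE clause itself. */
function example_delete_button() {
    global $wpdb;

    $id = example_get_button_id();
    if ( 0 === $id ) {
        return false;
    }

    // Third argument is the format of the WHERE value: '%d' = integer.
    return $wpdb->delete( $wpdb->prefix . 'example_buttons', array( 'id' => $id ), array( '%d' ) );
}
```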


Topic Closed

This topic has been closed to new replies.
