Author : Ph03n1X
email : [email protected]
site : http://kandangjamur.net/
vendor : www.vegadns.org
version: 0.99
The vulnerable script is located in the index.php file: the $message variable isn't validated. You can fix this
by passing $_REQUEST['message'] through the htmlspecialchars() function.
The vulnerable query is located in the src/users.php file. You can fix this problem by adding the following
function and using it to validate $_REQUEST['cid']:
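<?php
// Reject the request unless cid is numeric, before it reaches the query.
validate($_REQUEST['cid']);
// … bla bla bla …

// Stop the script when the given value is not numeric.
function validate($char)
{
    if (!is_numeric($char)) {
        die("i have received an error request");
    }
}
?>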
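
An added example, not part of the advisory and not VegaDNS code: is_numeric() also accepts values such as 1e3, -1, 1.5 and strings with leading whitespace, so a stricter digits-only check for cid is run beside it here, together with the htmlspecialchars() call suggested for message. The helper names parse_cid() and render_message() are hypothetical, and all sample inputs are constructed.

```php
<?php
// Added example, not VegaDNS code. parse_cid() and render_message() are
// hypothetical helper names; every input below is constructed.

// Accept only a plain decimal id: ASCII digits, 1 to 9 characters, so the
// value also fits a 32-bit integer. \A and \z anchor the whole string, so
// a trailing newline is not accepted.
function parse_cid($raw): ?int
{
    if (!is_string($raw) || preg_match('/\A[0-9]{1,9}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

// Escape for an HTML text or attribute context. ENT_QUOTES also encodes the
// single quote, which the default flags before PHP 8.1 left untouched.
function render_message($raw): string
{
    if (!is_string($raw)) {
        return '';
    }
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request values standing in for $_REQUEST['cid'].
$samples = ['42', '1e3', '-1', '1.5', ' 5', "7\n", ['7'], '7 OR 1=1'];
foreach ($samples as $raw) {
    $loose  = is_numeric($raw) ? 'accept' : 'reject';
    $strict = parse_cid($raw) === null ? 'reject' : 'accept';
    printf("%-12s is_numeric=%s  parse_cid=%s\n", json_encode($raw), $loose, $strict);
}

// Constructed value standing in for $_REQUEST['message'].
echo render_message("<i title='x'>Record \"saved\"</i>"), "\n";
```

Only the first sample passes parse_cid(); the value it returns is an integer, which can then be bound as a query parameter in src/users.php instead of being concatenated into the SQL string.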