If you put a quote ' after yo $who variable, you'll get an SQL error
i.e.
You'll get Sql error which shows the $who is vuln to SQLi.
Quick fix,
Add this to core.php
and also
change
to
in all pages
and finally in .htaccess,
Turn register globals off
i.e.
web/ownercp.php?action=user&sid=616064d42404f02dc07c8d 614cbe2456&who=2'
Quick fix,
Add this to core.php
function clean_url($text)
{
#### FUNCTION BY Webune - Webune - Web Site Design Development Dedicated Hosting Domains Business Company AND WALLPAPERAMA.COM
## PLEASE DO NOT REMOVE THIS.. THANK YOU
$text=strtolower($text);
$code_entities_match = array( '"' ,'!' ,'@' ,'#' ,'$' ,'%' ,'^' ,'&' ,'*' ,'(' ,')' ,'+' ,'{' ,'}' ,'|' ,':' ,'"' ,'<' ,'>' ,'?' ,'[' ,']' ,'' ,';' ,"'" ,',' ,'.' ,'_' ,'/' ,'*' ,'+' ,'~' ,'`' ,'=' ,' ' ,'---' ,'--','--');
$code_entities_replace = array('' ,'-' ,'-' ,'' ,'' ,'' ,'-' ,'-' ,'' ,'' ,'' ,'' ,'' ,'' ,'' ,'-' ,'' ,'' ,'' ,'' ,'' ,'' ,'' ,'' ,'' ,'-' ,'' ,'-' ,'-' ,'' ,'' ,'' ,'' ,'' ,'-' ,'-' ,'-','-');
$text = str_replace($code_entities_match, $code_entities_replace, $text);
return $text;
}
{
#### FUNCTION BY Webune - Webune - Web Site Design Development Dedicated Hosting Domains Business Company AND WALLPAPERAMA.COM
## PLEASE DO NOT REMOVE THIS.. THANK YOU
$text=strtolower($text);
$code_entities_match = array( '"' ,'!' ,'@' ,'#' ,'$' ,'%' ,'^' ,'&' ,'*' ,'(' ,')' ,'+' ,'{' ,'}' ,'|' ,':' ,'"' ,'<' ,'>' ,'?' ,'[' ,']' ,'' ,';' ,"'" ,',' ,'.' ,'_' ,'/' ,'*' ,'+' ,'~' ,'`' ,'=' ,' ' ,'---' ,'--','--');
$code_entities_replace = array('' ,'-' ,'-' ,'' ,'' ,'' ,'-' ,'-' ,'' ,'' ,'' ,'' ,'' ,'' ,'' ,'-' ,'' ,'' ,'' ,'' ,'' ,'' ,'' ,'' ,'' ,'-' ,'' ,'-' ,'-' ,'' ,'' ,'' ,'' ,'' ,'-' ,'-' ,'-','-');
$text = str_replace($code_entities_match, $code_entities_replace, $text);
return $text;
}
change
$who = $_GET['who'];
$who = (int) $_GET['who'];
and finally in .htaccess,
Turn register globals off
Comment