holes in retrivewap


    Well, here is the place where you can post all the holes you find in retrivewap, so the people who use it can fix them.

    1. The profile share-plusses page has a hole; add this in genproc.

    Here is my plusses code in genproc:

    genproc.php?action=plusses
    Code:
    ////////////////////////////////////////////////////////////////////// Give credits
    else if($action=="plusses")
    {
        addonline(getuid_sid($sid),"Sharing Credits","");

        $theme = mysql_fetch_array(mysql_query("SELECT theme2 FROM ibwf_users WHERE id='".$uid."'"));
        echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"style/$theme[0]\">";
        echo "<p align=\"center\">";

        // Recipient id and amount are both numeric: cast them so nothing but an
        // integer reaches the queries below. (The posted version read $who with
        // get_var(who), a bare constant, which is the error reply #7 points out;
        // htmlspecialchars() on $ptg did not stop non-integer amounts.)
        $who = intval($_GET["who"]);
        $ptg = intval($_POST["ptg"]);
        $uid = htmlspecialchars($uid, ENT_QUOTES);
        $sid = htmlspecialchars($sid, ENT_QUOTES);

        // Reject zero and negative amounts before touching any balance.
        if($ptg<=0)
        {
            echo "WTF u trying to do hmmm<br/>";
        }else{
            $gpsf = mysql_fetch_array(mysql_query("SELECT plusses FROM ibwf_users WHERE id='".$uid."'"));
            $gpst = mysql_fetch_array(mysql_query("SELECT plusses FROM ibwf_users WHERE id='".$who."'"));
            if($gpsf[0]>=$ptg){
                $gpsf = $gpsf[0]-$ptg;
                $gpst = $gpst[0]+$ptg;
                $res = mysql_query("UPDATE ibwf_users SET plusses='".$gpst."' WHERE id='".$who."'");
                if($res)
                {
                    $res = mysql_query("UPDATE ibwf_users SET plusses='".$gpsf."' WHERE id='".$uid."'");
                    echo "<img src=\"images/ok.gif\" alt=\"o\"/>Credits Updated Successfully<br/>";

                    // Escape the PM text before it goes into the query: the
                    // sender's nick is user-controlled data.
                    $wintext = "".getnick_uid($uid)." Shared $ptg Credits With u..Now U hv $gpst credits![br/][i] p.s. note: This is an automatic pm from $stitle service centre[/i]";
                    $wintext = mysql_real_escape_string($wintext);
                    $res = mysql_query("INSERT INTO ibwf_private SET text='".$wintext."', byuid='".$uid."', touid='".$who."', timesent='".time()."'");
                }else{
                    echo "<img src=\"images/notok.gif\" alt=\"x\"/>Database Error!<br/>";
                }
            }else{
                echo "<img src=\"images/notok.gif\" alt=\"x\"/>You don't have enough Credits to give<br/>";
            }
        }
        echo "<br/>";
        $thid = mysql_fetch_array(mysql_query("SELECT themeid FROM ibwf_users WHERE id='".$uid."'"));
        $themeimageset = mysql_fetch_array(mysql_query("SELECT themedir FROM ibwf_iconset WHERE id='".$thid[0]."'"));
        echo "<a href=\"index.php?action=main&amp;sid=$sid\"><img src=\"images/themes/$themeimageset[0]/home.gif\" alt=\"*\"/>";
        echo "Home</a>";
        echo "</p>";
        echo xhtmlfoot();
        exit();
    }
    2. In the challenge war.php there is a hole where people can win a battle without even playing against you.

    3. On top of all pages, remove the following code. It's useless: it will allow people to inject your site. They say it protects your site, but after I removed it the SQL injection code didn't work at all.
    Code:
    // Emulates magic_quotes_gpc when it is off: every $_GET and $_POST value
    // (one level of nesting) is passed through addslashes() so quotes arrive
    // backslash-escaped. Note that addslashes() is not charset-aware and only
    // helps queries that wrap every value in quotes; it is no substitute for
    // mysql_real_escape_string() or prepared statements. each() and
    // get_magic_quotes_gpc() were removed in PHP 8, so this block only runs on PHP 5/7.
    if( !get_magic_quotes_gpc() )
    {
        if( is_array($_GET) )
        {
            while( list($k, $v) = each($_GET) )
            {
                if( is_array($_GET[$k]) )
                {
                    while( list($k2, $v2) = each($_GET[$k]) )
                    {
                        $_GET[$k][$k2] = addslashes($v2);
                    }
                    @reset($_GET[$k]);
                }
                else
                {
                    $_GET[$k] = addslashes($v);
                }
            }
            @reset($_GET);
        }

        if( is_array($_POST) )
        {
            while( list($k, $v) = each($_POST) )
            {
                if( is_array($_POST[$k]) )
                {
                    while( list($k2, $v2) = each($_POST[$k]) )
                    {
                        $_POST[$k][$k2] = addslashes($v2);
                    }
                    @reset($_POST[$k]);
                }
                else
                {
                    $_POST[$k] = addslashes($v);
                }
            }
            @reset($_POST);
        }
    }
    Or is there a hole in the above code, or am I just crazy?

    4. In the index there is code where owners can send a PM to club members. It's just a way for hackers to advertise their site, so remove it or keep it, your choice.

    If there are other holes you know of, do post them here.
    Last edited by riderz; 14.07.10, 16:32.
    ________________
    Jacques
    jacques@gw-designs.co.za
    http://coding.biz.tm
    Come join and let's make it a place to teach all the noobies how to code
    __________________

    NEVER FORGET TO CLICK THE THANKS BUTTON IF YOU LIKE WHAT I'M SHARING OR HELPING WITH
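    Items 1 and 3 above come down to the same two weaknesses: the recipient id and amount reach the queries as strings the caller controls, and the balance is read and written in separate statements, so two requests sent at once can both pass the "enough credits" check. The block below is an added example, not retrivewap's or riderz's code, of how a practitioner would write that transfer with PDO prepared statements and one atomic debit; it assumes a PDO connection (PDO::ERRMODE_EXCEPTION) to the ibwf_users and ibwf_private tables the post shows, and the function and parameter names are mine.

```php
<?php
// Added example (not retrivewap's code): atomic credit transfer for the
// genproc.php?action=plusses path. Assumes a PDO connection to MySQL with
// ERRMODE_EXCEPTION and the tables the post shows: ibwf_users(id, plusses)
// and ibwf_private(text, byuid, touid, timesent). Function name is assumed.
function share_plusses(PDO $pdo, int $from, int $to, int $amount, string $nick): bool
{
    // Whole, positive amounts only, and no paying yourself.
    if ($amount <= 0 || $from === $to) {
        return false;
    }
    try {
        $pdo->beginTransaction();
        // Balance check and debit in ONE statement: MySQL evaluates
        // "plusses >= :min" under the row lock, so two parallel requests
        // cannot both pass a stale "enough credits" check.
        $debit = $pdo->prepare('UPDATE ibwf_users SET plusses = plusses - :amt
                                 WHERE id = :from AND plusses >= :min');
        $debit->execute([':amt' => $amount, ':from' => $from, ':min' => $amount]);
        if ($debit->rowCount() !== 1) {
            $pdo->rollBack();          // not enough credits, or unknown sender
            return false;
        }
        $credit = $pdo->prepare('UPDATE ibwf_users SET plusses = plusses + :amt WHERE id = :to');
        $credit->execute([':amt' => $amount, ':to' => $to]);
        if ($credit->rowCount() !== 1) {
            $pdo->rollBack();          // recipient does not exist: undo the debit
            return false;
        }
        // Notification PM. Values are bound, never spliced into the SQL text,
        // so the nickname needs no addslashes() layer.
        $pm = $pdo->prepare('INSERT INTO ibwf_private (text, byuid, touid, timesent)
                             VALUES (:text, :from, :to, :now)');
        $pm->execute([':text' => "$nick shared $amount credits with you.",
                      ':from' => $from, ':to' => $to, ':now' => time()]);
        $pdo->commit();
        return true;
    } catch (PDOException $e) {
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
        return false;
    }
}

// Caller side: cast the request values so only integers reach the function.
// $ok = share_plusses($pdo, (int)$uid, (int)$_GET['who'], (int)$_POST['ptg'], getnick_uid($uid));
```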

    #2
    riderz, bank credit doesn't update automatically. Can you please post the code to update it automatically?



      #3
      Dating PHP has a hole.



        #4
        What hole is in there?


          #5
          Mmmm, yep... that club PM hole and bank hole... The main hole is perm changing; don't know how or where the backdoor is.


          I'm Proud to be a Sri Lankan!



            #6
            Do not update it automatically... do it manually.


            ....................................
            http://photomag.lk/
            ....................................



              #7
              The genproc.php has an error. Just change $who=get_var(who); to this: $who = $_GET["who"]; so it will be fixed. Hope it can help.
