+ Reply to Thread
Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: Hacked!

  1. #1

    Hacked!

    Flynax is susceptible to sql injectioni via the login, signup forms. Also, the sort_type variable is subsetible to http post. How do I sanitize these forms. Our competitors has been defacing our site for 3 days. Please help. I have a ticket open already.

  2. #2
    Member
    Join Date
    May 2020
    Location
    Sydney, Australia
    Posts
    37
    Just curious, what Flynax version do you use?

  3. #3
    the latest

  4. #4
    Flynax developer John's Avatar
    Join Date
    Oct 2009
    Posts
    606

    Fix part1

    Hi guys.
    Yes right, the mysql injection was found and fixed, thank you for the report Joshua!
    We strongly recommend applying the fix ASAP:

    1. Open file: /includes/classes/rlDb.class.php
    2. Find the code:
    PHP Code:
    Only registered members can view the code
    See the next post to continue (forum prevented me to submit so long post).
    Last edited by John; November 4, 2022 at 02:17 PM.

  5. #5
    Flynax developer John's Avatar
    Join Date
    Oct 2009
    Posts
    606

    Fix part2

    3. Replace with the new code:
    PHP Code:
    Only registered members can view the code
    4. Save changes

    That is all!

    Do you have problem with applying the fix? Submit the ticket to the tech dep at https://support.flynax.com/index.php...kets&_a=submit, guys will apply the fix for you!

    John
    Last edited by John; November 7, 2022 at 07:02 AM.

  6. #6
    Does this need doing regardless of what version you have or just the newest version?
    New Site: CameraSpecs https://bit.ly/3G4uYA6

    Old Site: MotorAdsUk

  7. #7
    Senior Member
    Join Date
    Nov 2021
    Posts
    163
    Yes, I'm also interested in this question, since I haven't updated to version 4.9.1 yet

  8. #8
    Quote Originally Posted by John View Post
    3. Replace with the new code:
    PHP Code:
    Only registered members can view the code
    4. Save changes

    That is all!

    Do you have problem with applying the fix? Submit the ticket to the tech dep at https://support.flynax.com/index.php...kets&_a=submit, guys will apply the fix for you!

    John
    Hello John, It has problem when try to upgrade/renew an expired listing. It does not save pay_date field.

    I recommend below correction.

    Find:
    Code:
    Only registered members can view the code.
    Change to:
    Code:
    Only registered members can view the code.

  9. #9
    Master
    Join Date
    Oct 2019
    Location
    Hungary
    Posts
    403
    Quote Originally Posted by Bahram Soltanirad View Post
    Hello John, It has problem when try to upgrade/renew an expired listing. It does not save pay_date field.

    I recommend below correction.

    Find:
    Code:
    Only registered members can view the code.
    Change to:
    Code:
    Only registered members can view the code.
    where exactly did you replace this code? I replaced one with the code you wrote, but nothing changed, and there was no payment date either.

  10. #10
    Quote Originally Posted by Jenő Kocsi View Post
    where exactly did you replace this code? I replaced one with the code you wrote, but nothing changed, and there was no payment date either.
    All occurrences of the code should be changed.
    payment date is in database not here.

+ Reply to Thread