1
Bugs / Re: An Error Has Occurred! Hacking attempt...
« on: July 19, 2008, 06:49:30 am »Please help me!
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Hacking attempt...
INSERT INTO smf_personal_messages
(ID_MEMBER_FROM, deletedBySender, fromName, msgtime, subject, body)
VALUES (1, 1, SUBSTRING('Alma', 1, 255), 1208990790, SUBSTRING('3 D€SIGN'S enviado hacia ti por Alma', 1, 255), SUBSTRING('Alma te ha enviado 3 D€SIGN'S. Si han enviado un mensaje explicando por que, estara abajo:\r\n\r\n Por que tu lo vales\r\n Ten un buen dia,\r\n --Administracion del foro', 1, 65534))
Archivo: /forum/Sources/Subs-Post.php
Línea: 806
The file Subs-Post.php: // Insert the message itself and then grab the last insert id.
db_query("
INSERT INTO {$db_prefix}personal_messages
(ID_MEMBER_FROM, deletedBySender, fromName, msgtime, subject, body)
VALUES ($from[id], " . ($store_outbox ? '0' : '1') . ", SUBSTRING('$from[username]', 1, 255), " . time() . ", SUBSTRING('$htmlsubject', 1, 255), SUBSTRING('$htmlmessage', 1, 65534))", __FILE__, __LINE__);
$ID_PM = db_insert_id();
And the message of confirmation is not sent, though yes the money is added.