
Security Advisories

Name: Anonymous 2012-09-20 5:21

ITT: We share 0day security vulnerabilities in public software.

Me first.

OsCommerce Newsletters & Subscribers Osc Addon (Download Link: http://addons.oscommerce.com/info/8540)
Vulnerable code:

newsletters_subscribe.php line 16:
$subscribers_info = tep_db_query("select subscribers_id from " . TABLE_SUBSCRIBERS . " where subscribers_email_address = '" . $HTTP_POST_VARS['Email'] . "' ");

There are various other points in the code where POST input is not sanitized allowing SQL injection.
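
The line 16 query in runnable form, as an added illustration that is not part of this post or of the osCommerce addon: Python with an in-memory SQLite table stands in for the PHP/MySQL original, and the subscriber rows are constructed sample data. lookup_vulnerable() reproduces the string splicing from newsletters_subscribe.php; lookup_fixed() binds the e-mail as a parameter, which is what passing the POST value through osCommerce's tep_db_input() escaping helper, or using a prepared statement, achieves in the PHP.

```python
import sqlite3

# Constructed sample rows standing in for the addon's TABLE_SUBSCRIBERS.
SAMPLE_SUBSCRIBERS = [
    (1, "alice@example.com"),
    (2, "bob@example.com"),
    (3, "carol@example.com"),
]


def make_db():
    """Build an in-memory SQLite database with a subscribers table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE subscribers ("
        "subscribers_id INTEGER PRIMARY KEY, "
        "subscribers_email_address TEXT)"
    )
    conn.executemany("INSERT INTO subscribers VALUES (?, ?)", SAMPLE_SUBSCRIBERS)
    return conn


def lookup_vulnerable(conn, email):
    """Mirrors newsletters_subscribe.php line 16: the POST value is
    concatenated straight into the SQL text, so quotes in it become SQL."""
    sql = (
        "select subscribers_id from subscribers "
        "where subscribers_email_address = '" + email + "' "
    )
    return [row[0] for row in conn.execute(sql)]


def lookup_fixed(conn, email):
    """Hardened form: the value travels as a bound parameter and is never
    interpreted as SQL, whatever characters it contains."""
    sql = (
        "select subscribers_id from subscribers "
        "where subscribers_email_address = ?"
    )
    return [row[0] for row in conn.execute(sql, (email,))]


# Two constructed payloads an attacker would submit in the Email POST field.
BYPASS = "' OR '1'='1"                       # turns the WHERE clause into a tautology
EXFIL = "' UNION SELECT name FROM sqlite_master -- "  # reads another table, comments out the rest


def demo():
    """Run both lookups against a legitimate address and the two payloads."""
    conn = make_db()
    return {
        "legit_vuln": lookup_vulnerable(conn, "bob@example.com"),
        "legit_fixed": lookup_fixed(conn, "bob@example.com"),
        "bypass_vuln": sorted(lookup_vulnerable(conn, BYPASS)),  # every subscriber id
        "bypass_fixed": lookup_fixed(conn, BYPASS),               # no such address
        "exfil_vuln": lookup_vulnerable(conn, EXFIL),             # schema table name leaks
        "exfil_fixed": lookup_fixed(conn, EXFIL),                 # no such address
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:13s} -> {rows}")
```

The second payload matters more than the first in practice: a subscribe form does not need to bypass anything, but the same splice lets the attacker UNION in any table the database user can read.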

Name: Anonymous 2012-09-20 5:25

.php
eeeeeeeew

Name: Anonymous 2012-09-20 5:27

go whine somewhere else hipster

Name: Anonymous 2012-09-20 5:33

php
Guess we've found OP's problem.

Name: Anonymous 2012-09-20 5:47

ITT: We estimate how many billions of dollars SQL injections cost major companies each year. And then we produce a static typing system that completely eliminates the possibility of an SQL injection. And then we wonder why the world is so retarded.

Name: Anonymous 2012-09-20 5:48

the fact that nobody has done that yet and the fact that sanitizing input is so easy makes me wonder why the world is so retarded

Name: Anonymous 2012-09-20 5:58

>>6
Jews it that way, so goyim will feel insecure.

Name: Anonymous 2012-09-20 6:01

Name: Anonymous 2012-09-20 7:48

osCommerce is quite possibly the shittiest CMS I have ever had to work with.  One little error and the whole site goes down. Warnings everywhere is standard procedure. SQL injections out the ass.  Shit don't work.  And some German faggot named Harald Ponce de Leon is in charge of it all. 

I've had to rewrite tons of these contributions because most of them were either abandonware or written during the Dark Ages of PHP4.  If you do decide to contribute to osCommerce and post code, you'll have a ton of assholes selling crap to fatfuck America who want you to fix their site for free. 

PHP makes me drink and beat my girlfriend.  Hack away!

Name: Anonymous 2012-09-20 11:08

>>9
PHP makes you drink your girlfriend? How terrible!

Name: Anonymous 2012-09-20 12:47

This thread is unnecessary:
https://www.google.com/search?q=inurl:.php

Name: Anonymous 2012-09-20 13:12

https://www.google.com/search?q=inurl:.php
I try to save HTML/PHP files with the .php extension, but when I open the files it shows me filename.php.txt.
THAT WAS VIP QUALITY!

Name: Anonymous 2012-09-20 13:17

HTML/PHP
C/C++
GNU/Linux

Name: Anonymous 2012-09-20 13:22

>>9
filetype:php

Name: Anonymous 2012-09-20 14:22

/polecat kebab/

Name: Anonymous 2012-09-20 23:00

>>5
Major companies think that it costs more to pay for intelligence at the outset than it does to settle for stupidity and deal with its consequences as they go. They are wrong.

It's hard to demonstrate this by looking at a quarterly balance sheet, though, because all the expenses incurred in dealing with stupidity are classified as "unexpected" or "exceptional". The people reviewing the balance sheets are not smart enough to ask how things that happen regularly can be considered to be unexpected. (If they were, they'd be engineers, not managers.)
