Quote:
Originally posted by madthumbs
That isn't a hack .. heh ..
The form for uploading isn't part of the original submission, it's a seperate script .. someone basically did a /upload_form.php?id=6666&path=C:\file.jpg and overwrote the thumbnails ...
It's fixed now .. can't get everything on the first go around .. but it does check the referrer now .. heh
Oh well ...
|
... security/accesscontrol based on Refererinfo sounds like a bad idea ;).