Quote:
Originally Posted by Why
NATS uses smarty and there are known exploits to smarty.
does your members area use any open source software? or on any of your servers whose IP is allowed into the nats database have any?
here is a scenario.... Open source forum/ticket/gallery software in members area(or on any other server) with a known exploit. maybe this exploit allows a hacker to upload code to your server, that code could allow a hacker to read every file on your system(along with anything else they might want to do), thus allowing them to find your DB settings. with those he can write his own script to read your entire database and print it out, email it, or otherwise return it to him. said hacker then uses said database info to make money spamming your members.
so next time you think its NOT a hack job you might want to think again. until you understand how hackers work and how they get in, move around, get what they want and get out, you cant rule them out. doing so is just frankly silly. don't be so secure in your superiority.
|
Smarty is prone to abuse because of piss-poor coding habits...just like any other PHP-made script.
Quote:
Smarty is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Version 2.6.9 is affected.
|
Simple fix:
Code:
$variable = mysql_real_escape_string($variable);
that easy to fix.
