SQL Injection

[galnet]

Dear Admin.

I've searched the fourms and haven't seen this posted anywhere so I'm just wondering if our sites are protected from SQL Injection.

For people that don't know what this is:

SQL injection attacks are possible when data submitted by a web visitor (whether logged in or not, doesn't matter) is allowed to pass unfiltered into SQL statements executed by the code.

Again due to the coding being encrypted, it is not possible for each user to check for this, however I strongly belive that if it has not been checked before now, the admin should put this at the top of your to do list.

Regards,
Mat.

[zeffer]

Yes we do have more than most peoples protection against sql injection, the site i think you are reffering to might be the password grabber. BBut vshare operates on a md5 encryption, also the admin and coders put out extra security last update and the next one to come.

[leki]

i tested the some of the known SQL injection exploits that were going round and one did reveal the administrator username and MD5 encrypted password on vshare. i PM'ed the vshare admin with the details and its patched in the last release.

on other youtube clone scripts i could get the admin username and password though and i read many sites are being hacked using it. Glad that vshare is protected from that one at least.

Maybe there are more though? :(

[galnet]

Great news!

Another reason why vShare shines over the others!
Keep up the great work!

Regards,
Mat.

[zeffer]

Hell yeah thanks to admin and coders we wont get hacked as easily as other scripts. Woot! Good job mate.

[turtletracker]

This is good news for us and bad news for the other scripts out there;)