[SOLVED] security issue

Discuss everything related to PHP Hotel Site. All versions. Any questions related to the PHP Hotel Site developing or using should be posted to this forum.

Moderator: alexandrleonenko

akis
Expert
Expert
Posts: 70
Joined: Feb 20th, '13, 20:33

[SOLVED] security issue

Postby akis » Aug 1st, '19, 17:39

Hello,
i just realized that my site has been hacked.
Has someone else realized something?
It is a big problem because they send messages to customers asking to send them money.
Please help.

waldy
Newbie
Newbie
Posts: 6
Joined: Aug 21st, '19, 13:05

Re: hacking

Postby waldy » Aug 21st, '19, 21:14

i found this link in the net:
https://packetstormsecurity.com/files/1 ... ction.html

i found this soft for testing. maybe you can try it. please return result
https://www.acunetix.com/web-vulnerabil ... r/us-demo/

administrator
Site Admin
Site Admin
Posts: 6098
Joined: Jan 7th, '09, 23:18
Contact:

Re: hacking

Postby administrator » Aug 31st, '19, 17:07

The fixed version was reuploaded.
You may redownload your script.

For manual fix do following:

1. In include/functions.validation.inc.php add following function:

Code: Select all

/**
 * Checks if a given parameter is a valid alpha dashed value
 * @param string $val
 * @return boolean
 */
function is_alpha_dashed($val = '')
{
    if(preg_match('/[^a-zA-z_\-]/',$val)){
        return false;
    }else{
        return true;
    }
}


2. In include/classes/core/Pages.class.php file find following line of code

Code: Select all

}elseif($page_id != '' && !is_numeric($page_id)){

and replace it with

Code: Select all

}elseif($page_id != '' && is_alpha_dashed($page_id)){


That's all!


Return to “ApPHP HotelSite / uHotelBooking Talk {developers/users}”