Just received this: http://1337day.com/exploit/19778
Is only 1.1.8 affected? (I know it's an old version)
Was it a security hole in the framework or in the developed application (I mean, can it be a problem with AR or something built-in)?
Public Exploit 1.1.8 /sql Injection
#2
Posted 21 November 2012 - 03:46 PM
I can't find a ticket related to this. And this exploit doesn't seem to affect v1.1.12.
programmer /ˈprəʊgramə/, noun: a device that converts ►coffee into ►code
#3
Posted 21 November 2012 - 04:42 PM
This is related to the Nguyen website, check the pictures on the original exploit page - http://i.imgur.com/8OShy.png
His website is still vulnerable to this exploit... this is the code he is using:
// The POSTed search term is concatenated straight into the SQL condition
$q = Yii::app()->getRequest()->getPost("q");
$products = product::model()->findAll(array(
    "condition" => "enable = 1 AND name like '%" . $q . "%'"
));
The problem is that he is directly using the passed search variable $q, instead of binding, for example, or sanitizing the input.
Find more about me.... btw. Do you know your WAN IP?
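The binding suggested in post #3, as an added example that is not part of the original thread: a stand-alone PHP script (PDO with an in-memory SQLite table, so the pdo_sqlite extension is assumed) that runs the concatenated condition next to a bound one. The table rows, the input and the function names are constructed for illustration; the commented Yii 1.1 call uses the `params` key of `findAll()`.

```php
<?php
// Added example: constructed table and rows, in-memory SQLite via PDO.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT, enable INTEGER)");
$db->exec("INSERT INTO product (name, enable) VALUES
    ('iphone case', 1), ('iphone cable', 1), ('unreleased item', 0)");

// Pattern from the post: the search term is concatenated into the condition,
// so a quote in $q ends the string literal and the rest is parsed as SQL.
function searchConcatenated(PDO $db, $q)
{
    $sql = "SELECT name FROM product WHERE enable = 1 AND name LIKE '%" . $q . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Bound form: the term travels as data and never becomes part of the SQL text.
// LIKE wildcards in the term are escaped so they match literally.
function searchBound(PDO $db, $q)
{
    $pattern = '%' . strtr($q, array('%' => '\%', '_' => '\_', '\\' => '\\\\')) . '%';
    $stmt = $db->prepare(
        "SELECT name FROM product WHERE enable = 1 AND name LIKE :q ESCAPE '\\'"
    );
    $stmt->execute(array(':q' => $pattern));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Yii 1.1 equivalent of the bound form (model name taken from the post):
//   product::model()->findAll(array(
//       'condition' => 'enable = 1 AND name LIKE :q',
//       'params'    => array(':q' => $pattern),
//   ));

// Constructed input containing a quote and extra SQL conditions.
$q = "zzz%' OR enable = 0 OR name LIKE '%zzz";

echo "concatenated, constructed input:\n";
print_r(searchConcatenated($db, $q)); // the enable = 1 filter no longer holds
echo "bound, constructed input:\n";
print_r(searchBound($db, $q));        // whole input is matched as a literal name
echo "bound, ordinary search term:\n";
print_r(searchBound($db, 'iphone'));
```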
#4
Posted 21 November 2012 - 04:47 PM
I just tried to send an email to the website owner through the contact us form... but even there, there is an error, so the mails are not sent, I guess
http://baniphone.vn/lienhe/submit
If somebody has a way please let the website owner know about this exploit.
Find more about me.... btw. Do you know your WAN IP?
#7
Posted 02 December 2012 - 03:40 PM
Email doesn't respond after all. Looks like this website is abandoned.