tufat.com — "Phpizabi has got to be the most hackable dating script to date. (Clearly the winner, with no other sites to contest for.) First-time users who did not visit the forum and download the hotfixes are 101% vulnerable to the attack. Bear in mind that the hotfixes only prevent hackers from making INSERT statements to the database. You are forced to"
Jul 21, 2006
cartman2005, Jul 21, 2006, Submitter
Surprisingly, any new sites that have installed the script are vulnerable. Their administration page can be accessed easily just by typing "/?L=admin.index" at the end of the domain, i.e. http://www.yoursite.com/?L=admin.index

Using this Google link, "http://www.google.com/search?hl=en&q=phpizabi+hacked&btnG=Search", you should be able to find a few hundred sites using PHPizabi that have already been hacked.

In response to this, the programmer seems to have done nothing to upgrade the script. I downloaded a copy of the script and tested it... and still found the script hackable upon installation... I didn't even bother to register on their forum to find out how to fix it... lol