I'm using the most recent version but this version is not very secure....
Query strings like these dynamically generate 10 PHP pages in a WebsiteBaker site, which are used to send spam:
As you can see the query string is able to set safe_mode Off, override the disable_function settings of php and insert malicious code in a WebsiteBaker page.
What can be done to intercept query strings like these?
And what shall we do with this code? Pin it on the wall?
There are more than 500 possibilities to call WB. To which of these requests shall your string of args be attached? Which version/revision of WB? Which module and its version? What's the environment of your server?
Please: If you send a true security hint, then do it in a clear, straight and complete way so we can reproduce the issue.
Thanks in advance
[edited by admin: it's "which", not "witch" (=evil woman flying around on a broomstick)]