3 matches found
TinyRise: email spoofing allows resetting anyone's password, plus SQL injection in the admin backend
Brief description: TinyRise: email spoofing allows resetting anyone's password, plus SQL injection in the admin backend. Details: simple.php: public function forgetact() { $email = Filter::sql(Req::args('email')); $model = $this->model->table('user'); $obj = $model->where("email = '".$email."'")->find(); if(!empty($obj)) { $model = $this->model->table('resetpassword'); $obj = $model->where("email =...
After Five Years, SAFECode Sees Software Security Progress, But Challenges Remain
Software security, code quality and the idea of building security into applications from the design phase forward have become touchstones for any conversation about how to improve the security of the Web and the general IT infrastructure. But it wasn’t always thus. In fact, it wasn’t too many year...
New Study Sees Need for Better Software Integrity Controls
Software security has become one of the more widely discussed and debated topics in the security industry in the last few years, as many software vendors and enterprises both large and small have begun to focus considerable attention on improving the processes they have in place for producing...