No, this isn't about the competition, but about our website. I got a text message tonight stating that our site was down. When I looked at it, I saw:
Parse error: syntax error, unexpected T_STRING in /home1/ipirates/public_html/admin/settings.php on line 6
Which led me to believe the file was not intact. Upon taking a look at the file, I saw that it had been modified by someone. It says:
Code:
<?php
$title = "HAXORED";
$copyright = "©2009-2011 Monroe Trojan Robotics";
$footer1 = "Logos of FIRST and our sponsors are trademarks of their respective owners. All rights reserved.";
$footer2 = "Running ScurvyCMS, coded by Brandon Dusseau. Your site is vulnerable to SQL injection.";
$footer3 = "Also your <a href="[omitted]">[omitted]</a> page is wide open.";
?>
What I'd like to know is who is responsible for this. I'm not pointing fingers or anything, but at least they could have emailed us instead of poking around in our site settings. Looks like I get to go on a code hunt and check the database for issues. This should be fun, considering there are no backups.
I realize I have to sanitize my login input for the admin panel with SQL Injection prevention... I don't feel like messing with it though, because I'm tired from the competition. So thank you mysterious hacker, you've made my day difficult.