Author |
Message |
03/03/2005 01:02:33
|
yonnermark
Beginner
Joined: 01/03/2005 00:47:29
Messages: 13
Offline
|
I made the 2nd and 3rd changes just in case.
There's no point in me changing the 1st, is there, as I have 2.3.1?
thanks
mark
|
|
14/03/2005 14:02:09
|
Anonymous
|
Is there a "final" or complete post with the changes for upgrade of
Advanced Guestbook 2.2 to 2.3.2?
And shouldn't this be an easy Cpanel upgrade instead of altering code?
Thanks.
|
|
14/03/2005 16:25:21
|
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
If you redownload the files from this site then all exploits, except the possible useragent one.
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
20/03/2005 05:42:10
|
Anonymous
|
If there are so many fixes available, why haven't they been implemented in the official release? Is Advanced Guestbook a dead project now?
Anyone care to make a .zip/.tar available of all the files, fixed, so we can easily upgrade our installations without having to make so many edits?
|
|
20/03/2005 08:16:56
|
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
The only major exploit is the SQL injection exploit in 2.2 that lets you log in to the admin section. This does not exist in 2.3.1 which is the current version. The Cross Site Scripting exploit in 2.3.1 does exist but requires skill to implement and the people that deface guestbooks using the SQL injection are not real hackers but children who found the exploit on a web page. The cross site scripting exploit was silently patched in December by Chi Kien Uong. Why silently? Don't ask me. Advanced Guestbook 2.3.1 has been around for at least two years now without any sign of an update (except the silent one). I have been working on a project I call The db Guestbook which, at present, is Advanced Guestbook 2.3.1 with a lot of code changes etc. There is a more complete list of changes in the General Discussion forum.
Recently, when I have been bored and going around fixing defaced guestbooks, I have been emailing the webmasters telling them to come here or my forums and fix their guestbooks. A few days ago I started thinking that maybe I should just email them the fixed files to patch the login exploit, XSS exploit and to implement my simple spam filter.
Problem with that is some people get paranoid about strange emails. I know in one case the person posted my email on the Page-Zone Hosting forum asking how I had found their guestbook and if they really had been hacked.
A lot of people seem to have just installed the guestbook and then left it, I don't even think they read it.
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
17/05/2005 15:23:13
|
Anonymous
|
Just thought you might be interested in this. Lots of interesting information on how sites are XSS hacked and cookies are being stolen.
http://www.waraxe.us/forum-5.html
Is any of this a problem with the Guestbook? It seems that Forums and CMS's are being attacked.
|
|
17/05/2005 16:24:21
|
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
Not with 2.3.2 it shouldn't be.
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
04/09/2005 11:09:39
|
Anonymous
|
You probably have already realized/discovered this, but if you enter ')||('a'='a
in the password field, it will give access to the admin board.
Sorry in advance if this was already covered with the addslashes patch.
|
|
04/09/2005 11:42:09
|
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
errrrrrrrr no this was an exploit that only existed in 2.2 and 2.3 for which 2.3.1 was released to patch OVER 2 YEARS AGO!
2.3.4 has no known exploits at present and patches the known XSS exploit and the sad/stupid HTML in the useragent exploit.
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
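Added example, not part of the thread and not Advanced Guestbook's own code: a check showing why the password-field input quoted above changes the structure of a string-built login query, and why the addslashes-style escaping mentioned in the thread keeps it as data. The query shape, the table name `auth` and the helper names are assumptions made for illustration.

```python
# Constructed example: the table name and query shape are assumptions
# inferred from the quoted input, not Advanced Guestbook's real code.
QUERY = "SELECT id FROM auth WHERE (username='{u}' AND password=PASSWORD('{p}'))"
PAYLOAD = "')||('a'='a"  # the password-field input quoted in the thread


def addslashes(value):
    """Stand-in for PHP addslashes(): escapes quote, double quote, backslash, NUL."""
    out = []
    for ch in value:
        if ch == "\0":
            out.append("\\0")
        elif ch in "\\'\"":
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def skeleton(sql):
    """Replace every single-quoted literal with '?', using MySQL's default
    quoting rules (backslash escapes and doubled quotes stay inside a literal)."""
    out, i = [], 0
    while i < len(sql):
        if sql[i] != "'":
            out.append(sql[i])
            i += 1
            continue
        i += 1  # step past the opening quote
        while i < len(sql):
            if sql[i] == "\\":
                i += 2  # escaped character, still inside the literal
            elif sql[i:i + 2] == "''":
                i += 2  # doubled quote, still inside the literal
            elif sql[i] == "'":
                i += 1  # closing quote
                break
            else:
                i += 1
        out.append("?")
    return "".join(out)


def input_stays_data(user, password, escape=lambda s: s):
    """True if the built query has the same code skeleton as a benign login."""
    benign = skeleton(QUERY.format(u="x", p="y"))
    built = skeleton(QUERY.format(u=escape(user), p=escape(password)))
    return built == benign
```

Bound parameters (prepared statements) give the same separation of code and data without depending on the escaping matching the server's quoting rules.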
12/09/2005 15:47:11
|
Anonymous
|
When someone tries to write a message in my guestbook this message appears :
One of the input fields does not seem to be valid.
I am using Advanced Guestbook 2.3.2
www.sykestua.com/gjestebok
Any idea?
|
|
12/09/2005 16:10:47
|
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
yes download 2.3.4 and replace all your files except admin/config.inc.php
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
09/02/2011 22:29:42
|
creiglboyd
Newbie
Joined: 09/02/2011 22:17:00
Messages: 4
Offline
|
Ok thank you for this is very useful
|
|
02/11/2016 16:23:13
|
Przemek
Newbie
Joined: 02/11/2016 16:10:18
Messages: 2
Offline
|
next update?
|
|
04/11/2016 18:55:02
|
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
Probably never since there hasn't been one in over a decade.
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|