If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics
  [Search] Search   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [FAQ]  FAQ 
[Register] Register / 
[Login] Login 
Guestbook 2.2 exploit fix  XML
Forum Index » Support Forum
Author Message
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4290
Location: Bristol, UK
Offline

Anonymous wrote:I have a fix for the exploit to

upgrade to 2.3.1

holy crap, it works

it also creates an admin login loop unless you change the field type of one of the SQL fields. For most people there is no need to updat as 2.2 has all the features they want.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
Anonymous



Thanks for posting the fix for the hack 'exploit'. My guestbook has been hacked twice, hopefully this will put a stop to that
Anonymous



Can someone tell me what the default username and password is?
Thanks.
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4290
Location: Bristol, UK
Offline

Default username and password are test and 123 respectively. You can also use www.carbonize.co.uk/reset.zip to reset the username and password to anything you wish.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
Anonymous



Thanks for the fix, worked like a charm.
Anonymous



Carbonize wrote:
Anonymous wrote:I have a fix for the exploit to

upgrade to 2.3.1

holy crap, it works

it also creates an admin login loop unless you change the field type of one of the SQL fields. For most people there is no need to updat as 2.2 has all the features they want.


Just wanted to know if this is still the recommended action? ie: am using 2.2 and have applied the fixes recommended in the sticky posts so is staying with this version still okay?
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4290
Location: Bristol, UK
Offline

If you are using 2.2 I recommend sticking with it. You could upgrade to 2.3.1 but if you have any posts with pictures in them you will lose the pictures due to the MySQL tables being changed. If you have applied the patch then you will be secure(er). Just remember to disable HTML in posts.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
 
Forum Index » Support Forum
Go to:   
Based on the open source JForum