Main Menu
Our Sponsors
Chi Kien Uong
Geranienstraße 30
71034 Böblingen
Deutschland / Germany
If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics
  [Search] Search   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [FAQ]  FAQ 
[Register] Register /  [Login] Login 
Guestbook header image  XML
Forum Index » Support Forum
Author Message
[Post New]27/12/2004 14:18:35
    Subject: Re: Warning
[Up]
JTD
Graduate

Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas
Offline
Anonymous wrote:Well I am in a different time zone, so I was taking zzzzzzz....

My emotions are all mixed up now, I appreciate you telling me about the vulnerability of the Guest Book and Forum; yet on the other hand flustrated that you let anyone else visiting the forums know also.

I ran the same programs on my last site for over 5 years without any issues, so now the world knows the vulnerabilities I need to find some way tp solve this.

Steven


The world new about this vulnerability long before this. It isnt anything that is new. And as far as the html exploit. I dont know if there is a fix for this or not. Carb maybe working on something but I'm not real sure. As to the other exploit that is an easy fix.
LINK-> Use Lazarus Guestbook
[WWW] [Yahoo!] aim icon [MSN]
[Post New]27/12/2004 15:24:05
    Subject:
[Up]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
The SQL injection exploit has actually been around since 2002 from what I can gather. I assume it was only recently that kiddies with no life discovered it on the net. As for the HTML "exploit" that must of been discovered sometime this year. My fix is to disable html. I have removed the option from the version I am working on. I am also considering removing AGcode as nobody ever seems to use it.
Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
[Post New]28/12/2004 01:18:23
    Subject:
[Up]
amber222
Graduate

Joined: 07/05/2004 21:13:07
Messages: 586
Offline
I deleted my previous post. You should register so you can edit your posts.
[Post New]28/12/2004 12:01:00
    Subject: Did and didn't
[Up]
memoire
Newbie
[Avatar]

Joined: 25/12/2004 14:29:45
Messages: 2
Location: Japan
Offline
Hi Amber 222,

well I did register and received the notice and verified the account, but up until today I couldn't log in - now however everything is fine regarding logging into the forum.

The Guestbook seems to be OK now, and I updated the header images as per Carbonize's other posting.

Only the update for the email encriptions is pending. May have another crack at it over the holidays using the files you sent me.
Thanks
Cheers
Steven
[WWW]
 
Forum Index » Support Forum
Go to:   
Based on the open source JForum