Main Menu
Our Sponsors
Chi Kien Uong
Geranienstraße 30
71034 Böblingen
Deutschland / Germany
If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics
  [Search] Search   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [FAQ]  FAQ 
[Register] Register /  [Login] Login 
Security Issue with Advanced Poll  XML
Forum Index » Support Forum
Author Message
[Post New]29/10/2003 05:49:41
    Subject: Security Issue with Advanced Poll
[Up]
cgotstein
Newbie

Joined: 29/12/2002 08:20:36
Messages: 1
Offline
Just saw this come throught tonight about a security issue with Advanced Poll. Here is the link:

http://www.securityfocus.com/bid/8890/info/

Any word on a fix?
[Post New]29/10/2003 10:47:33
    Subject:
[Up]
Auron
Expert
[Avatar]

Joined: 23/06/2003 22:02:17
Messages: 1053
Offline
But what does it actually do?

It doesn't say it does anything bad, but obviously it may do.

Okay read a bit more this time... (under discussion link from link above)

Several problems exist in Advanced Poll when handling input from remote users. Because of this, an attacker may be able to gain sensitive information, include php files, or execute PHP code.


All I can say to this is use .htaccess files these folders; include, polldata, lang and admin. That should stop anyone being able to access the files directly on your server. I THINK, THIS MAY NOT WORK BUT IT MIGHT!

Auron
Visit my site @ www.ragnaru.com
Adv. Poll Install Guide NOW BACK ONLINE! (And also rather out of date I would of thought)
[Email] [WWW]
 
Forum Index » Support Forum
Go to:   
Based on the open source JForum