How to fix security bugs/exploit in v1.x, v2.0

treewood (OpenSolution)


2007-03-15 23:13

"config[db_type]" Local File Inclusion Vulnerabilities
http://secunia.com/advisories/23168/

If you have register_globals set ON on your server and QC lower than 2.1, edit all files in these directories:
1. actions_client/
2. actions_admin/

Add something like this at the start of all files in these directories:

// Stop if this file is requested directly rather than included after DIR_CORE is defined
if( !defined( 'DIR_CORE' ) )
  exit;


------------------------

"p" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/23738/

1. Edit index.php
2. Find

if( !isset( $p ) || $p == '' ){
  $p = $config['start_page'];
}

and add

else
  $p = htmlspecialchars( $p );
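
An added check, not part of the original post: after editing actions_client/ and actions_admin/, this shell function lists the PHP files whose first lines still lack the DIR_CORE guard. The 10-line window, the function names and the sample files it builds are assumptions made for the example.

```shell
#!/bin/sh
# Constructed example: report PHP files that lack the DIR_CORE guard.
# Assumption: the guard appears within the first 10 lines of each file.
GUARD_RE='![[:space:]]*defined[[:space:]]*\([[:space:]]*.DIR_CORE.[[:space:]]*\)'

# Print every *.php file under the given directories with no guard near the top.
find_unguarded() {
  for dir in "$@"; do
    [ -d "$dir" ] || continue
    find "$dir" -type f -name '*.php' | sort | while IFS= read -r f; do
      head -n 10 "$f" | grep -Eq "$GUARD_RE" || printf '%s\n' "$f"
    done
  done
}

# Build a small constructed tree (file names are made up) to try the check on.
make_sample_tree() {
  root=$(mktemp -d) || return 1
  mkdir -p "$root/actions_client" "$root/actions_admin"
  # Correct guard: must not be reported.
  printf '%s\n' '<?php' "if( !defined( 'DIR_CORE' ) )" '  exit;' \
    > "$root/actions_client/guarded.php"
  # No guard at all: must be reported.
  printf '%s\n' '<?php' '// constructed file with no guard' 'echo "orders";' \
    > "$root/actions_client/unguarded.php"
  # Mistyped guard (missing parenthesis): must be reported as well.
  printf '%s\n' '<?php' "if( !defined'DIR_CORE' ) )" '  exit;' \
    > "$root/actions_admin/typo.php"
  printf '%s\n' "$root"
}

sample=$(make_sample_tree)
( cd "$sample" && find_unguarded actions_client actions_admin )
rm -rf "$sample"
```

Run `find_unguarded actions_client actions_admin` from the installation root; an empty result means every file in both directories carries the guard.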
