How to fix security bugs/exploits in Quick.Cms v0.x, v1.x

treewood (OpenSolution)

Avatar: treewood

2007-09-12 10:39

Here are all we know bugs/exploits for Quick.Cms v1.x and v0.x

#Fix 1
Quick.Cms v1.0, v0.2, v0.3
http://opensolution.org/Quick.Cms/forum/?p=readTopic&nr=132

#Fix 2
Quick.Cms v0.2, v0.3
More details about this exploit is here: http://secunia.com/advisories/22703/
If You cant update Quick.Cms to v1.x then do this few steps:
1. Edit config/general.php and find this:

if( isset( $sLang ) && is_file$config['dir_lang'].$sLang.'.php' ) ){
  setCookie'sLanguage'$sLangtime( ) + 86400 );
  define'LANGUAGE'$sLang );
}
else{
  if( isset( $_COOKIE['sLanguage'] ) )
    define'LANGUAGE'$_COOKIE['sLanguage'] );
  else
    define'LANGUAGE'$config['default_lang'] );
}

change to:

if( isset( $sLang ) && is_file$config['dir_lang'].$sLang.'.php' ) && strlen$sLang ) == ){
  setCookie'sLanguage'$sLangtime( ) + 86400 );
  define'LANGUAGE'$sLang );
}
else{
  if( !empty( $_COOKIE['sLanguage'] ) && strlen$_COOKIE['sLanguage'] ) == )
    define'LANGUAGE'$_COOKIE['sLanguage'] );
  else
    define'LANGUAGE'$config['default_lang'] );
}

Back to top

Over 32 thousand websites based on Quick.Cart and Quick.Cms. See the most interesting ones...

  • Screenshot of website aparperfume.pl
  • Screenshot of website sportowcydzieciom.pl
  • Screenshot of website jezykipodroze.pl
  • Screenshot of website powiat-wieruszowski.pl
  • Screenshot of website 4carriers.com
about us | contact