How to fix security bugs/exploit in v1.x, v2.0

treewood (OpenSolution)

Avatar: treewood

2007-03-15 23:13

"config[db_type]" Local File Inclusion Vulnerabilities

If You have register_globals set ON on Your server and QC lower then 2.1, edit all files in directories:
1. actions_client/
2. actions_admin/

Add something like this at start of all files in this directories:

if( !defined'DIR_CORE' ) )


"p" Cross-Site Scripting Vulnerability

1. Edit index.php
2. Find

if( !isset( $p ) || $p == '' ){
$p  $config['start_page'];

and add

$p htmlspecialchars$p );

Back to top
about us | contact