You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 531 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
SQL injection vulnerability
SecurityA new SQL injection vulnerability has been discovered. We are currently testing a suggested code fix, to ensure it will prevent the injection. As well we are checking on the limitation of the vulnerablity.

Reference to the vulnerability is here. http://www.securityfocus.com/archive/1/343930/2003-11-07/2003-11-13/0

Posted on Monday, November 10 @ 12:59:43 CET by IACOJ
 
Related Links
· Computer Cops
· More about Security
· News by IACOJ


Most read story about Security:
PHP-Nuke admin.php security hole - PATCHED

Article Rating
Average Score: 1
Votes: 1


Please take a second and vote for this article:

Excellent
Very Good
Good
Regular
Bad


Options

 Printer Friendly Page  Printer Friendly Page

 Send to a Friend  Send to a Friend

Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: SQL injection vulnerability (Score: 1)
by Mesum on Monday, November 10 @ 14:37:45 CET
(User Info | Send a Message) http://www.desitribe.com
What file does this code goes to... profile.php?



Re: SQL injection vulnerability (Score: 1)
by IACOJ on Tuesday, November 11 @ 09:39:29 CET
(User Info | Send a Message)
Hi everyone.

Please don't assume inserting the code that was suggested, in the original phpbb post works to make your site secure. In point of fact it does not. We will release a patch once the exploits are found and fixed. Until then, my best suggestion is to change the chmod of modules/Forums/admin folder to 000.

Yes that means you can't go in there to do anything, but it also means that someone else can't go in there and lock your board out, change your permissions etc

We were hoping to have something released for you last night, obviously that didn't occur.


Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.090 Seconds - 230 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::