= 1.0.1 Blind SQL Injection + fix
- nrma
- OFFLINE
-
New Member
- Posts: 1
- Thanks: 0
- Karma: 0
15 years 11 months ago #61743
by nrma
= 1.0.1 Blind SQL Injection + fix was created by nrma
My site was exploited by [EDIT: a CB 1.0.1 only (> 1 year old) vulnerability from 24.04.08}
a quick fix is :
[code:1]
if( isset($_REQUEST) && !ctype_digit($_REQUEST) )
{
die( 'Your IP is logged!' );
}
[/code:1]
just after first line in comprofiler.php file
EDIT: removed link to exploit. Do not make publicity to exploits, and keep your installations up to date. Joomla 1.0.12+ would have avoided that exploit too...
Post edited by: beat, at: 2008/05/05 07:54
a quick fix is :
[code:1]
if( isset($_REQUEST) && !ctype_digit($_REQUEST) )
{
die( 'Your IP is logged!' );
}
[/code:1]
just after first line in comprofiler.php file
EDIT: removed link to exploit. Do not make publicity to exploits, and keep your installations up to date. Joomla 1.0.12+ would have avoided that exploit too...
Post edited by: beat, at: 2008/05/05 07:54
Please Log in to join the conversation.
nant
Team Member- OFFLINE
- Posts: 25531
- Thanks: 1834
- Karma: 877
15 years 11 months ago #61749
by nant
--
Nick (nant)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Tutorials + Search the forums
For more add-ons and support: Upgrade your membership
Links: Community Builder - Languages - Adv/Pro/Dev membership - CBSubs Paid Subscriptions - GPL Templates - Hosting
Visit my CB Profile - Send me a Private Message (PM)
Replied by nant on topic Re:= 1.0.1 Blind SQL Injection + fix
Thats why CB 1.0.2 and CB 1.1 were released.
You should upgrade asap.
You should upgrade asap.
--
Nick (nant)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Tutorials + Search the forums
For more add-ons and support: Upgrade your membership
Links: Community Builder - Languages - Adv/Pro/Dev membership - CBSubs Paid Subscriptions - GPL Templates - Hosting
Visit my CB Profile - Send me a Private Message (PM)
Please Log in to join the conversation.
Moderators: beat, nant, krileon
Time to create page: 0.423 seconds
