11
Jyotirmaya
XF-Section Security Vulnerability
  • 2006/3/17 14:53

  • Jyotirmaya

  • Not too shy to talk

  • Posts: 105

  • Since: 2005/2/10


I am using XF-section 1.07 (xoops 2.2) and it appears there is a security vulnerability in modify.php. The email below is from my host, purplecloud.

Can anyone advise how I can plug this hole?

My site is www.anandamarga.org.uk, xf-section runs the vegetarian cookbook. Anonymous users are not allowed to modify the entries, and new users have to be accepted by the admins before being activated.

First off - I am going to upgrade to xfs 1.10


Quote:
Hi,

The following script on your hosting account has been exploited by hackers and used to execute a trojan script on our
server:

/usr/local/psa/home/vhosts/anandamarga.org.uk/httpdocs/modules/xfsection/modify.php

Since this appears to be a downloaded script, please can you check that you have the latest version and any security updates installed on your account, or take other steps to ensure that the script is secure.

If similar problems occur again then we may be forced to disable the script concerned.

Regards,
James
Purple Cloud

--
Purple Cloud :: budget hosting solutions
Website: http://www.purplecloud.net
E-Mail: enquiries@purplecloud.net
"You are never alone or helpless, the force that guides the stars guides you too"



12
Jyotirmaya
Re: how can i install xoopspoll module for CBB 2.32 ?
  • 2006/3/16 11:42

  • Jyotirmaya

  • Not too shy to talk

  • Posts: 105

  • Since: 2005/2/10


I have the same problem - I added xoopspoll after installing CBB 2.32.
I updated CBB, gave the correct permissions, and gave myself access to polls.
Each time I hit "new poll", it just starts a new discussion topic, not a new poll.

Hjelp
"You are never alone or helpless, the force that guides the stars guides you too"



13
Jyotirmaya
Re: newbb Posts pending approval ... email Notification?
  • 2006/2/7 14:12

  • Jyotirmaya

  • Not too shy to talk

  • Posts: 105

  • Since: 2005/2/10


I am using CBB 2.32 with XOOPS 2.2 and still I don't get notifications of posts pending moderator approval.

Does CBB 3.0 resolve this?
"You are never alone or helpless, the force that guides the stars guides you too"



14
Jyotirmaya
Re: Anyone got Formulize working with Xoops 2.2 yet?
  • 2006/2/4 10:00

  • Jyotirmaya

  • Not too shy to talk

  • Posts: 105

  • Since: 2005/2/10


I am also happy to document bugs etc...
"You are never alone or helpless, the force that guides the stars guides you too"



15
Jyotirmaya
Re: System does NOT mail new user reg notifications
  • 2006/1/30 16:53

  • Jyotirmaya

  • Not too shy to talk

  • Posts: 105

  • Since: 2005/2/10


I also have this problem on my 2.2.2 site using PHP 5. I am reliant on this because when a user registers I need to add them to a group manually.
"You are never alone or helpless, the force that guides the stars guides you too"



16
Jyotirmaya
Re: Picking up windows environment variables in PHP
  • 2005/12/21 10:53

  • Jyotirmaya

  • Not too shy to talk

  • Posts: 105

  • Since: 2005/2/10


Thanks DT,

This sounds like the most do-able solution. I will need to research how to create the cookie with policies, but I have been using the autologin hack on a few sites and it works well.

Only one problem: autologin doesn't work with LDAP authentication, but I believe Pierre-Eric, who wrote the LDAP authentication code, is working on this.
"You are never alone or helpless, the force that guides the stars guides you too"



17
Jyotirmaya
Re: Picking up windows environment variables in PHP
  • 2005/12/20 17:40

  • Jyotirmaya

  • Not too shy to talk

  • Posts: 105

  • Since: 2005/2/10


You may be right.
I did find a way to do it if you are running IIS and have anonymous access turned off:-
http://www.phpbuilder.com/lists/php-general/2003012/0972.php

But irrelevant for me since I run Apache.
"You are never alone or helpless, the force that guides the stars guides you too"



18
Jyotirmaya
Re: Picking up windows environment variables in PHP
  • 2005/12/20 15:16

  • Jyotirmaya

  • Not too shy to talk

  • Posts: 105

  • Since: 2005/2/10


hmmmmmm,

Would it then be correct to say that, because PHP runs all its scripts server side, this cannot be done in PHP?

Should I look at something maybe in JSP (security issues aside) that can pass these variables over to PHP somehow?

Perhaps it is possible to get a batch script to pass the environment variables onto (what?) that PHP could pick up on - I have an active directory environment where I could use policies to run batch scripts as part of the logon process....
"You are never alone or helpless, the force that guides the stars guides you too"



19
Jyotirmaya
Re: Picking up windows environment variables in PHP
  • 2005/12/20 14:42

  • Jyotirmaya

  • Not too shy to talk

  • Posts: 105

  • Since: 2005/2/10


Anybody have any experience using this:-
<?php
print_r($_SERVER);
?>
=====================
Or I found a reference to shell_exec, something like this:-
<?php
$blah = shell_exec("echo %ComputerName%");
print $blah;
?>
================
Also found a reference to the getenv() function (use with REMOTE_USER?)
http://uk.php.net/getenv
=======================
Anybody know which of these might be best to use and how to implement it to populate the login form (user.php)?
"You are never alone or helpless, the force that guides the stars guides you too"
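Added example (not the poster's code and not part of XOOPS): it shows what each of the three approaches in the post actually returns, and how a login form could be pre-filled from the one value that carries the visitor's identity. It assumes the web server (Apache or IIS) has been configured to authenticate the request itself, since that is what sets REMOTE_USER, and it assumes the login field is named uname.

```php
<?php
// Added example, not the poster's or XOOPS's code.

// 1. shell_exec() runs on the web server, so this is the server's own
//    computer name and never the visitor's workstation.
$serverName = trim((string) shell_exec('echo %ComputerName%'));

// 2. getenv() reads the web server process environment: again server-side,
//    so USERNAME here is the account the web server runs as.
$serverEnvUser = getenv('USERNAME');

// 3. REMOTE_USER (AUTH_USER on IIS) is the only value that identifies the
//    *visitor*, and only when the web server authenticated the request.
function remoteUserForLoginForm(array $server): ?string
{
    $raw = $server['REMOTE_USER'] ?? $server['AUTH_USER'] ?? '';
    if ($raw === '') {
        return null; // no web-server authentication took place
    }
    // Strip DOMAIN\ or @REALM decoration that IIS or Kerberos may add.
    if (($pos = strrpos($raw, '\\')) !== false) {
        $raw = substr($raw, $pos + 1);
    }
    if (($pos = strpos($raw, '@')) !== false) {
        $raw = substr($raw, 0, $pos);
    }
    // Accept only a conservative account-name character set before reuse.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $raw)) {
        return null;
    }
    return $raw;
}

// Pre-filling is a convenience only; the password check still happens.
$uname = remoteUserForLoginForm($_SERVER);
$value = $uname === null ? '' : htmlspecialchars($uname, ENT_QUOTES, 'UTF-8');
echo '<input type="text" name="uname" value="' . $value . '">';
```

Without web-server authentication REMOTE_USER is simply absent, which is why the first two approaches can only ever report facts about the server.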



20
Jyotirmaya
Re: Picking up windows environment variables in PHP
  • 2005/12/20 14:23

  • Jyotirmaya

  • Not too shy to talk

  • Posts: 105

  • Since: 2005/2/10


Not sure if I understand it correctly, but I think winbinder would need a particular DLL installed on each client machine.

I would like to keep XOOPS strictly browser based (I don't really fancy having to download a dll onto each client before they can use the functionality - seems like some security issues with that)
"You are never alone or helpless, the force that guides the stars guides you too"


