11
wtravel
Re: SQL Injection

While this is a function, it depends on the input value whether or not this is a security issue. If $lid is checked for being an integer before using it with this function, this is not an issue.

12
Marco
Re: SQL Injection
  • 2007/8/31 10:01


Those sorts of issues have already been reported to core. The team is aware of that; dugris has incorporated those in a dedicated branch (see revision 997 http://xoops.svn.sourceforge.net/viewvc/xoops/?pathrev=997). Herve's 2.0.17 has fixed all of the strongest holes. The core team decided not to add those in the official 2.0.17 (http://sourceforge.net/forum/message.php?msg_id=4471768).
bad.
marco
Do synergy or die.

13
Cuidiu
Re: SQL Injection
  • 2007/8/31 15:34


I've been away and it appears I've missed a few things. I'm still using version 2.0.16. Should I upgrade to Herve's version or use this revision 997 Marco mentioned? I don't know much about PHP. How would I incorporate rev 997?

Also, I have a few XOOPS v 2.2.4 sites - highly customized. I can't upgrade to 2.2.5 because of all the customizations. Hopefully the SQL injection does not affect the 2.2.4 version?

Quote:

Marco wrote:
Those sorts of issues have already been reported to core. The team is aware of that; dugris has incorporated those in a dedicated branch (see revision 997 http://xoops.svn.sourceforge.net/viewvc/xoops/?pathrev=997). Herve's 2.0.17 has fixed all of the strongest holes. The core team decided not to add those in the official 2.0.17 (http://sourceforge.net/forum/message.php?msg_id=4471768).
bad.
marco
Working sites:
XOOPS 2.0.16, PHP 5.2.2, MySQL 5.0.24a-standard-log, Apache/2.0.54 (Unix)
XOOPS 2.2.4, PHP 4.3.10, MySQL 3.23.58, Apache/1.3.33 (Unix)
