XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. XOOPS Community Support forums / 
  3. Beginner's Corner 
  4.  / Security bug?
Register
1
coops
Security bug?

  • 2005/10/6 22:13

  • coops

  • Just popping in

  • Posts: 82

  • Since: 2005/6/15


I'm using 2.0.13.1 and have recently moved sites. That was fine, however it has developed a "random feature" that could be a security hole. It takes some links and adds a ?PHPSESSID at the end.

For example: http://www.myxoopswebsite.com/modules/tinycontent/index.php?id=4&PHPSESSID=ccbr2106of3f40if1c5b6c02de855f4f

(actual details changed for security)

Now, if it is not a security concern: great! However, I now just try and edit something in tinycontent, for example create a link on my page. For example:
http://www.myxoopswebsite.com/modules/tinycontent/index.php?id=4

I click save, and then go to view the page from the front end of my site, and it has that PHPSESSID at the end! I then go to edit it, and it has it there too!

(Note: this does not happen for auto generated urls, like "Top 10 Downloads" or my user menu blocks)

Is it a concern? How can I make it stop?
2
m0nty
Re: Security bug?

  • 2005/10/6 22:46

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


search is a great tool :)

https://xoops.org/search.php?query=phpsessionid&action=results

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

411 user(s) are online (68 user(s) are browsing Support Forums)

Members: 0

Guests: 411

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits