21
phppp
Re: Xoops Multiple Unspecified SQL Injection Vulnerabilities
  • 2007/3/5 12:19

  • phppp

  • XOOPS Contributor

  • Posts: 2857

  • Since: 2004/1/25


As stated in the very first reply:

The reported "issue" is evaluated, by The XOOPS Core Development Team, as not a valid vulnerability.
In short, NOT A VALID REPORT.

The statement won't be repeated again.

22
AndyM
Re: Xoops Multiple Unspecified SQL Injection Vulnerabilities
  • 2007/3/5 16:28

  • AndyM

  • Quite a regular

  • Posts: 296

  • Since: 2003/8/31


phppp, if no one has done so yet, it would be worth one of the devs writing to SecurityFocus to update the report. It would both allay people's fears and be good for XOOPS, showing that you take these reports seriously, check them out and respond to them.

23
giba
Re: Xoops Multiple Unspecified SQL Injection Vulnerabilities
  • 2007/3/5 16:45

  • giba

  • Just can't stay away

  • Posts: 638

  • Since: 2003/4/26


Many, many thanks, AndyM.

This is my wish for all users and support XOOPS in the world.

24
irmtfan
Re: Xoops Multiple Unspecified SQL Injection Vulnerabilities
  • 2007/3/6 4:45

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


This is a bit off topic, sorry.
There are no official rules for using the internet in Iran, and no department for internet and computer crimes either (as far as I know). So many people call themselves a "Security Team" or "Hackers" without enough background in internet or security, then post some true and FAKE reports everywhere they can, especially on reliable security sites (forums or mailing lists), to increase their ranks.

Back to topic: I totally agree with you and have already sent an email to SecurityFocus about it.

25
phppp
Re: Xoops Multiple Unspecified SQL Injection Vulnerabilities
  • 2007/3/6 6:55

  • phppp

  • XOOPS Contributor

  • Posts: 2857

  • Since: 2004/1/25


Agreed that we should respond to valid security reports properly.

For this specific report, there is some story behind it:
Before the "issues" were released to the public, Mr Omid contacted the XOOPS Core Dev Team at the very first time. The Core Team evaluated the issue very quickly and responded to him immediately. Both Skalpa and I stated clearly in our emails to him that we don't think it is a valid vulnerability; it might be taken care of in a future version of XOOPS, but it is not necessary to make any "patch" or "change" objectively for it at this moment.
However, I don't know why the report still got spread although the XOOPS Core Team had made a clear response to the original discoverer.

26
eric235u
Re: Xoops Multiple Unspecified SQL Injection Vulnerabilities
  • 2007/3/6 15:30

  • eric235u

  • Not too shy to talk

  • Posts: 149

  • Since: 2004/12/19


Hi. I would like to thank the XOOPS developers for participating in this forum thread and setting the record straight. One of my favorite aspects of free / open source software is the communication between users and developers in an open forum such as this. Many thanks.
