xoops forums

Catzwolf

Home away from home
Posted on: 2008/4/15 7:53
Catzwolf
Catzwolf (Show more)
Home away from home
Posts: 1392
Since: 2007/9/30
#1

WF-Sections V2: New Exploits and Security Issues (Users MUST READ this)

Hiya,

If you are still using WF-Sections v1+ and v2+ then I suggest that you read this please.

It has come to my attention that there is a few very bad security exploits that some people could use to gain access to your website. I suggest that all users of this module should either:

1. Deactivate the module for the time being (recommended) or..
2. Renaming XOOPS_ROOT_PATH/modules/wfsections/ratefile.php and print.php.

I am now in the process of doing a full audit of all the WF-Sections code and closing these and all possible security risks that may arise in the future.

I will keep you all posted on an update.

John (AkA Catzwolf)

comegona

Not too shy to talk
Posted on: 2008/4/15 15:24
comegona
comegona (Show more)
Not too shy to talk
Posts: 165
Since: 2003/11/9
#2

Re: WF-Sections V2: New Exploits and Security Issues (Users MUST READ this)

I’ve been trying for a long time to migrate from ver 1 to 2 or something else but all my requests for an upgrade script have been ignored or “lost in the wind”.

avtx30

Not too shy to talk
Posted on: 2008/4/15 16:22
avtx30
avtx30 (Show more)
Not too shy to talk
Posts: 181
Since: 2006/10/12
#3

Re: WF-Sections V2: New Exploits and Security Issues (Users MUST READ this)

I had wf-section 2.0.7. I did the following steps to migrate it to Pico

1) Updated Wf-sections to 2.92
2) Export from Wf-sections 2.92 to SmartSection 2.13 (hack needed)
3) Import from SmartSection 2.13 to Pico 1.6
4) Uninstall and remove Wf-section (2.0.7, 2.92), SmartSection 2.13

For me Pico is the fastest and greatest content management module!

If anyone intersted in, I will post the 'how to' in more detail.

Peekay

XOOPS is my life!
Posted on: 2008/4/15 21:51
Peekay
Peekay (Show more)
XOOPS is my life!
Posts: 2335
Since: 2004/11/20
#4

Re: WF-Sections V2: New Exploits and Security Issues (Users MUST READ this)

I found WF-Section 2.0.7 beta 3 worked very well. It really is a fantastic module, particularly the author-bio block, the 'discuss in forum' button and 'related item' links. These are the things that in my experience article authors really like.

Releasing a secure version would deserve mucho kudos IMHO
A thread is for life. Not just for Christmas.

comegona

Not too shy to talk
Posted on: 2008/4/25 16:35
comegona
comegona (Show more)
Not too shy to talk
Posts: 165
Since: 2003/11/9
#5

Re: WF-Sections V2: New Exploits and Security Issues (Users MUST READ this)

Well thanks for all the upgrading suggestions, but none addressed the fact I have version 1. If I had version 2 I would have moved from this awhile back.

Hoosty

Just popping in
Posted on: 2008/4/25 17:39
Hoosty
Hoosty (Show more)
Just popping in
Posts: 14
Since: 2004/5/8 1
#6

Re: WF-Sections V2: New Exploits and Security Issues (Users MUST READ this)

I had Wf-section version 1 for a long time and after it was sort of abandoned and until picked up again I was stuck with it. I found that over at the smartfactory, smartsections has a function to upgrade from WF-sections.

I installed smartsections and then ran the script and i had thousands of pages and images and all migrated / updated without a hitch, including page hits /users, and post dates.

Of course then your using smartsections, but well I guess thats up to your personal preference. Though I have no problems with smartsections

I hope this is of some assistance to you.

Cheers