1
Catzwolf
WF-Sections V2: New Exploits and Security Issues (Users MUST READ this)
  • 2008/4/15 7:53

  • Catzwolf

  • Home away from home

  • Posts: 1392

  • Since: 2007/9/30


Hiya,

If you are still using WF-Sections v1+ and v2+ then I suggest that you read this please.

It has come to my attention that there is a few very bad security exploits that some people could use to gain access to your website. I suggest that all users of this module should either:

1. Deactivate the module for the time being (recommended) or..
2. Renaming XOOPS_ROOT_PATH/modules/wfsections/ratefile.php and print.php.

I am now in the process of doing a full audit of all the WF-Sections code and closing these and all possible security risks that may arise in the future.

I will keep you all posted on an update.

John (AkA Catzwolf)

2
comegona
Re: WF-Sections V2: New Exploits and Security Issues (Users MUST READ this)
  • 2008/4/15 15:24

  • comegona

  • Not too shy to talk

  • Posts: 165

  • Since: 2003/11/9


I’ve been trying for a long time to migrate from ver 1 to 2 or something else but all my requests for an upgrade script have been ignored or “lost in the wind”.

3
avtx30
Re: WF-Sections V2: New Exploits and Security Issues (Users MUST READ this)
  • 2008/4/15 16:22

  • avtx30

  • Not too shy to talk

  • Posts: 181

  • Since: 2006/10/12


I had wf-section 2.0.7. I did the following steps to migrate it to Pico

1) Updated Wf-sections to 2.92
2) Export from Wf-sections 2.92 to SmartSection 2.13 (hack needed)
3) Import from SmartSection 2.13 to Pico 1.6
4) Uninstall and remove Wf-section (2.0.7, 2.92), SmartSection 2.13

For me Pico is the fastest and greatest content management module!

If anyone intersted in, I will post the 'how to' in more detail.
Xoops Demos:
http://www.nhatban.net/info/a0021.html

4
Peekay
Re: WF-Sections V2: New Exploits and Security Issues (Users MUST READ this)
  • 2008/4/15 21:51

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


I found WF-Section 2.0.7 beta 3 worked very well. It really is a fantastic module, particularly the author-bio block, the 'discuss in forum' button and 'related item' links. These are the things that in my experience article authors really like.

Releasing a secure version would deserve mucho kudos IMHO
A thread is for life. Not just for Christmas.

5
comegona
Re: WF-Sections V2: New Exploits and Security Issues (Users MUST READ this)
  • 2008/4/25 16:35

  • comegona

  • Not too shy to talk

  • Posts: 165

  • Since: 2003/11/9


Well thanks for all the upgrading suggestions, but none addressed the fact I have version 1. If I had version 2 I would have moved from this awhile back.

6
Hoosty
Re: WF-Sections V2: New Exploits and Security Issues (Users MUST READ this)
  • 2008/4/25 17:39

  • Hoosty

  • Just popping in

  • Posts: 14

  • Since: 2004/5/8 1


I had Wf-section version 1 for a long time and after it was sort of abandoned and until picked up again I was stuck with it. I found that over at the smartfactory, smartsections has a function to upgrade from WF-sections.

I installed smartsections and then ran the script and i had thousands of pages and images and all migrated / updated without a hitch, including page hits /users, and post dates.

Of course then your using smartsections, but well I guess thats up to your personal preference. Though I have no problems with smartsections

I hope this is of some assistance to you.

Cheers

Login

Who's Online

156 user(s) are online (96 user(s) are browsing Support Forums)


Members: 0


Guests: 156


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits