1
kahumbu
Security Tracker Report
  • 2004/2/3 21:27

  • kahumbu

  • Documentation Writer

  • Posts: 277

  • Since: 2003/8/23


I would like to know if we have already addressed this bug report from Security Tracker?

http://securitytracker.com/alerts/2004/Jan/1008849.html

The report is actually a bit over my head, but it states that it might be a security bug.

Thanks!

2
Mithrandir
Re: Security Tracker Report

Could have just bumped the old thread.

I know that at least we module devs (including some core devs) are aware of the report and are currently trying to figure out what is causing it and how it can be exploited, so it is possible to find out how it can be prevented.

Until then, as we probably should with all modules, since it is a cross-site scripting issue, everyone is advised not to click on direct links for e.g. forum posts unless

a) you trust the poster
b) you can see that the link does not have more than the proper amount of variables (someone please confirm this, I'm no security expert) and no "weird" code after the normal query string

3
kahumbu
Re: Security Tracker Report
  • 2004/2/3 22:20

  • kahumbu

  • Documentation Writer

  • Posts: 277

  • Since: 2003/8/23


Quote:

Mithrandir wrote:
Could have just bumped the old thread.

Yes, I know. Sorry about that. Probably a bit paranoid after my site got defaced a month ago. BTW, what is a cross-site scripting issue?

Anyway, I'm glad the team already knows about this. Thanks!

4
Mithrandir
Re: Security Tracker Report

Quite thorough guide:
http://phpadvisory.com/articles/view.phtml?ID=4

5
onokazu
Re: Security Tracker Report
  • 2004/2/6 14:49

  • onokazu

  • XOOPS Founder

  • Posts: 617

  • Since: 2001/12/13


Yes, this has been fixed on CVS and we are making it ready to be included in the 2.0.6 release.
