Hello
since there is no answer from the author of debaser about the bug found in the gener.php file and posted online here
http://securitydot.net/xpl/exploits/vulnerabilities/articles/1660/exploit.html
we may just have to depend on Protector to help prevent the injection, but my question is: has anyone got an answer on how to solve the bug, or does Protector help prevent any use of this bug?
thx
hi onasre.
It looks like just a typical SQL injection.
Of course, the best way is for the author to fix it.
But almost all threats from SQL injection can be excluded by Protector's settings.
1) rename the prefix to something other than "xoops"
2) set "Action if an isolated comment-in is found" to sanitizing or higher.
3) set "Action if a UNION is found" to sanitizing or higher.
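
The following is an added example, not part of the reply above and not Protector's own code: a simplified Python sketch of what the two request checks named in settings 2 and 3 look for, and how a "sanitize" action differs from a "reject" action. The function names, the action names, the `uni-on` rewrite and the sample request values are all assumptions made for illustration.

```python
import re

# Illustrative request filter; assumption: simplified logic, not Protector's code.
# "UNION" finding: the keyword as a whole word, followed somewhere by SELECT.
UNION_RE = re.compile(r"\bunion\b(?=.*\bselect\b)", re.IGNORECASE | re.DOTALL)

def has_isolated_comment_in(value):
    """True when the last '/*' in the value is never closed by '*/'."""
    start = value.rfind("/*")
    return start != -1 and "*/" not in value[start + 2:]

def filter_request(params, comment_action="sanitize", union_action="sanitize"):
    """Check each request value; actions are 'none', 'sanitize' or 'reject'.

    Returns (cleaned params, findings, blocked).
    """
    cleaned, findings, blocked = {}, [], False
    for key, value in params.items():
        if comment_action != "none" and has_isolated_comment_in(value):
            findings.append((key, "isolated comment-in"))
            if comment_action == "reject":
                blocked = True
            else:
                # Close the comment so it cannot swallow the rest of a query.
                value += "*/"
        if union_action != "none" and UNION_RE.search(value):
            findings.append((key, "UNION"))
            if union_action == "reject":
                blocked = True
            else:
                # Break the keyword so it no longer parses as SQL.
                value = UNION_RE.sub("uni-on", value)
        cleaned[key] = value
    return cleaned, findings, blocked

# Constructed sample request values (not taken from the linked advisory).
SAMPLE = {
    "id": "5",
    "q": "family reunion",                    # benign: 'union' is not a whole word
    "cid": "1 union select 1,2 from t /*",    # textbook injection shape
}

if __name__ == "__main__":
    cleaned, findings, blocked = filter_request(SAMPLE)
    print(cleaned)
    print(findings, "blocked:", blocked)
```

Request filtering of this kind narrows exposure while the module is unpatched; the durable fix remains validating or parameterizing the input in the module itself.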