The "Action if an isolated comment-in is found" feature is annoying. Here's an example of its effect:
Quote:
Quote:Gnome Nautilus file manager
I suggest using the shell copy command instead:
$ cp -a /path/to/extracted/archive/* /path/to/xoops/installation
Just make sure the paths are correct, that you have permission to overwrite all the files, and backup the XOOPS directory first.*/
1) Is there any way of making a post like that without getting the */ added at the end?
2) Is that check really necessary? How could someone exploit that?
Hi Dave.
Quote:
1) Is there any way of making a post like that without getting the */ added at the end?
Turn off the option
If XOOPS_DB_PREFIX is not known by attackers, there is little threat from SQL injection attacks.
I think a better algorithm, like POST checking, will be OK if some "invalid string as SQL" is found before the first '/*'.
Quote:
2) Is that check really necessary? How could someone exploit that?
An isolated '/*' makes SQL injection easier.
eg)
the vulnerability:
"SELECT title FROM ".$xoopsDB->prefix("foo")." WHERE storyid='{$_GET['id']}' AND status>0" ;
Attacker can do:
?id=1'+UNION+SELECT+password+FROM+xoops_users+ORDER+BY+...+/*
I'm sorry that I did not check for typos in this attack.
Anyway, you can easily understand that the isolated '/*' is necessary.
Protector rewrites the request like this:
?id=1'+UNION+SELECT+password+FROM+xoops_users+ORDER+BY+...+/**/
You can also understand that this causes an SQL error, and attackers can't get the hashed passwords from the users table.
*/
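As an added illustration (not part of any post above, and not Protector's own code), here is a PHP sketch of the check discussed in this thread: it finds a '/*' that is never closed and appends '*/'. The function names, the `xoops_foo` table name (prefix assumed to be "xoops") and the sample values are constructed for the example.

```php
<?php
// Added sketch of an "isolated comment-in" check; not Protector's source.
// All function names here are hypothetical.

// True when a "/*" in $value is never followed by a closing "*/".
function has_isolated_comment_in(string $value): bool
{
    $pos = 0;
    while (($open = strpos($value, '/*', $pos)) !== false) {
        $close = strpos($value, '*/', $open + 2);
        if ($close === false) {
            return true;      // opener without terminator
        }
        $pos = $close + 2;    // balanced pair: continue after it
    }
    return false;
}

// The rewrite described in the thread: terminate the open comment.
function close_isolated_comment_in(string $value): string
{
    return has_isolated_comment_in($value) ? $value . '*/' : $value;
}

// Constructed inputs: the decoded id value from the thread, the shell
// command from the first post, and a value whose comment is balanced.
$samples = [
    'id from the thread' => "1' UNION SELECT password FROM xoops_users ORDER BY ... /*",
    'cp command'         => 'cp -a /path/to/extracted/archive/* /path/to/xoops/installation',
    'balanced comment'   => 'see /* note */ here',
];

foreach ($samples as $label => $raw) {
    $clean = close_isolated_comment_in($raw);
    printf("%-18s rewritten=%s\n  %s\n", $label, $clean !== $raw ? 'yes' : 'no', $clean);
}

// The thread's query with the prefix assumed to be "xoops". Unrewritten, the
// open comment swallows "' AND status>0". Rewritten, that tail is live again
// and its lone quote opens an unterminated string, so the statement fails.
$id = close_isolated_comment_in($samples['id from the thread']);
echo "SELECT title FROM xoops_foo WHERE storyid='{$id}' AND status>0\n";
```

The cp command is rewritten as well, which is the false positive the first post complains about. Binding `id` as a query parameter instead of interpolating it removes the injection itself, independent of this check.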