PEAK XOOPS - Re: New hack that is using XFSection

Posted on 2007/6/14 4:19
GIJOE  Gunnery Sergeant   Posts: 4110
Quote:
Do you have a list of modules that allow this 'crack'?
Old *Content with spaw.
They all have the same fatal vulnerability.

Old WF-* and XF-*.
They have super global extractions.

Almost all modules registered in xoops.org.
85-95% of the modules may have XSS/ScriptInsertion.
65-85% of the modules may have SQL Injections.

Quote:
Could Protector do a sanity check on installed modules? That would be a neat idea to implement if it were possible.
It is not easy to implement a sanity check against modules' code.

All I can say is, don't use modules made by poorly skilled developers.

Quote:
Quote from my hoster
"Many scripts rely on allow_url_fopen the first one that springs to mind is RSS feeds. These will no longer work if allow_url_fopen(); is disabled without some interesting use of the curl function (which again has its own security risks for shared customers and insecure scripts)."
This is a normal answer.
And I don't have time to talk to such admins about ...

- How dangerous allow_url_fopen is
- It is quite easy to get RSS without url fopen.
Votes:1 Average:0.00
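
The post's last point, that RSS can be fetched with allow_url_fopen turned off, shown as an added example that is not part of the original post or of any XOOPS module. It assumes the PHP cURL and SimpleXML extensions are loaded; the function names, the sample feed and the placeholder URL are constructed for illustration.

```php
<?php
// Added example, not code from the original post. The function names and the
// sample feed are constructed for illustration. Works with allow_url_fopen = Off.

function fetch_feed(string $url, int $maxBytes = 1048576): string
{
    // Accept only http(s); reject file://, ftp://, php:// and similar wrappers.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        throw new InvalidArgumentException('Only http/https feeds are allowed');
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION  => true,
        CURLOPT_MAXREDIRS       => 3,
        CURLOPT_CONNECTTIMEOUT  => 5,
        CURLOPT_TIMEOUT         => 10,
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    if ($body === false || $status !== 200 || strlen($body) > $maxBytes) {
        throw new RuntimeException("Feed fetch failed or too large (HTTP $status)");
    }
    return $body;
}

function feed_titles(string $xml): array
{
    // The feed is untrusted data: parse it, never include() or eval() it.
    libxml_use_internal_errors(true);
    $doc = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
    if ($doc === false) {
        throw new RuntimeException('Feed is not well-formed XML');
    }
    $titles = [];
    foreach ($doc->xpath('/rss/channel/item/title') ?: [] as $title) {
        // Escape before the title is ever echoed into a page.
        $titles[] = htmlspecialchars((string) $title, ENT_QUOTES, 'UTF-8');
    }
    return $titles;
}

// Constructed sample feed so the parser can be exercised offline.
$sample = '<rss version="2.0"><channel><item><title>A &lt;b&gt;bold&lt;/b&gt; '
        . 'headline</title></item></channel></rss>';
print_r(feed_titles($sample));
// Live use (URL is a placeholder): feed_titles(fetch_feed('https://example.org/rss.xml'));
```

The protocol allow-list on both the request and its redirects keeps the fetch from being steered to a local file or another scheme, and the titles are escaped because feed content is as untrusted as any other user input.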
