Quote:
Do you have a list of modules that allow this 'crack'?
Old *Content with spaw.
They all have the same fatal vulnerability.
Old WF-* and XF-*.
They have super global extractions.
Almost all modules registered on xoops.org.
85-95% of the modules may have XSS/ScriptInsertion.
65-85% of the modules may have SQL Injections.
Quote:
Could Protector do a sanity check on installed modules? That would be a neat idea to implement if it were possible.
It is not easy to implement a sanity check against modules' code.
All I can say is: don't use modules made by poorly skilled developers.
Quote:
Quote from my hoster
"Many scripts rely on allow_url_fopen; the first one that springs to mind is RSS feeds. These will no longer work if allow_url_fopen(); is disabled without some interesting use of the curl function (which again has its own security risks for shared customers and insecure scripts)."
This is a normal answer.
And I don't have time to talk to such admins about ...
- How dangerous allow_url_fopen is
- It is quite easy to get RSS without url fopen.
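
Added example, not part of the original post: one way to read an RSS feed with allow_url_fopen disabled, using PHP's cURL extension restricted to HTTP(S) and an allowlist of feed hosts. The function names, the size cap, the host allowlist and the sample feed are assumptions made for this illustration.

```php
<?php
// Added illustration; names, limits and the sample feed are constructed.
const MAX_FEED_BYTES = 524288; // assumed upper bound for one feed document
function fetch_feed(string $url, array $allowedHosts): string
{
    $parts  = parse_url($url) ?: [];
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true) || !in_array($host, $allowedHosts, true)) {
        throw new InvalidArgumentException('feed URL not allowed');
    }
    $body = '';
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS, // never file:// or other schemes
        CURLOPT_FOLLOWLOCATION => false, // a redirect could leave the allowlisted host
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,
        CURLOPT_WRITEFUNCTION  => function ($ch, string $chunk) use (&$body): int {
            $body .= $chunk;
            // Returning a length other than the chunk length aborts the transfer.
            return strlen($body) > MAX_FEED_BYTES ? 0 : strlen($chunk);
        },
    ]);
    $ok = curl_exec($ch);
    if ($ok === false || curl_getinfo($ch, CURLINFO_RESPONSE_CODE) !== 200) {
        throw new RuntimeException('feed fetch failed');
    }
    return $body;
}

function feed_titles(string $xml): array
{
    libxml_use_internal_errors(true); // malformed feeds must not spray warnings
    // LIBXML_NONET: the XML parser itself may not fetch anything over the network.
    $doc = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
    if ($doc === false) { return []; }
    $titles = [];
    foreach ($doc->xpath('/rss/channel/item/title') ?: [] as $title) {
        // Feed content is untrusted input: escape it before it reaches HTML.
        $titles[] = htmlspecialchars((string) $title, ENT_QUOTES, 'UTF-8');
    }
    return $titles;
}

// Constructed sample feed so the parsing half runs without network access.
$sample = '<rss version="2.0"><channel><item><title>Release &lt;b&gt;notes&lt;/b&gt;</title></item></channel></rss>';
print_r(feed_titles($sample));
```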