PEAK XOOPS - Protector and Debaser ,SQL injection in englishin japanese

Protector and Debaser ,SQL injection

  • You cannot open a new topic into this forum
  • Guests cannot post into this forum
Previous post - Next post | Parent - Children.1 | Posted on 2007/8/1 5:56
onasre  ʼ   Posts: 38

since there is no answer from the author of debaser about the Bug found in the gener.php file and posted online here

we have maybe just to depand on protector to help prevent the injection , but my quastion has any one got answer how to solve the bug or if protector help's prevent any use for this bug

Votes:0 Average:0.00
Previous post - Next post | Parent - No child | Posted on 2007/8/7 6:54
GIJOE  Ǥ   Posts: 4110
hi onasre.

It looks just a typical SQL Injection.

Of course, it is the best way that the author fixes it.
But almost threats from SQL Injection can be excluded by Protector's setting.

1) rename prefix other than "xoops"
2) set "Action if an isolated comment-in is found" sanitizing or upper.
3) set "Action if a UNION is found" sanitizing or upper.
Votes:0 Average:0.00

  Advanced search

Username or e-mail:


Remember Me

Lost Password?

Register now!