PEAK XOOPS - Protector and Debaser, SQL injection

Posted on 2007/8/1 5:56
onasre  Lance Corporal   Posts: 38
Hello

Since there is no answer from the author of debaser about the bug found in the gener.php file and posted online here

http://securitydot.net/xpl/exploits/vulnerabilities/articles/1660/exploit.html

We may just have to depend on Protector to help prevent the injection, but my question is: has anyone got an answer on how to solve the bug, or does Protector help prevent any use of this bug?

thx
Votes:0 Average:0.00
Posted on 2007/8/7 6:54
GIJOE  Gunnery Sergeant   Posts: 4110
Hi onasre.

It looks like just a typical SQL injection.

Of course, the best way is for the author to fix it.
But almost all threats from SQL injection can be excluded by Protector's settings.

1) Rename the prefix to something other than "xoops".
2) Set "Action if an isolated comment-in is found" to sanitizing or higher.
3) Set "Action if a UNION is found" to sanitizing or higher.
Votes:0 Average:0.00
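
A sketch of what the two checks named in steps 2 and 3 look for in a request value, added here as an example; it is not from either poster and is not Protector's own code. The UNION pattern, the `uni-on` rewrite, the appended `*/` and the action names are assumptions made for illustration.

```python
import re

# Assumed pattern (not taken from the thread): UNION after whitespace,
# followed by ALL or SELECT, case-insensitive.
UNION_RE = re.compile(r"\sUNION\s+(?:ALL|SELECT)", re.IGNORECASE)


def has_isolated_comment_in(value):
    """True if some '/*' in value is never closed by a later '*/'."""
    pos = 0
    while (start := value.find("/*", pos)) != -1:
        end = value.find("*/", start + 2)
        if end == -1:
            return True
        pos = end + 2
    return False


def check_value(value, action="sanitize"):
    """Return (value_to_use, findings) for one request value.

    action is a hypothetical level name: 'log' leaves the value alone,
    'sanitize' neutralises it, 'reject' returns None so the caller can stop.
    """
    findings = []
    if has_isolated_comment_in(value):
        findings.append("isolated-comment-in")
        if action == "sanitize":
            value += "*/"  # close the comment so it cannot hide the rest of a query
    if UNION_RE.search(value):
        findings.append("union")
        if action == "sanitize":
            value = re.sub("union", "uni-on", value, flags=re.IGNORECASE)
    if findings and action == "reject":
        return None, findings
    return value, findings


if __name__ == "__main__":
    # Constructed request values, for illustration only.
    samples = ["42", "1 UNION SELECT 1", "7 /* note", "a /* ok */ b",
               "trade union select committee"]
    for s in samples:
        print(repr(s), "->", check_value(s))
```

The last sample shows the cost of such a filter: ordinary text containing "union select" is flagged as well. The filter also only sits in front of the module's query, which stays unfixed until the author changes it.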
