PEAK XOOPS - SPAW 1.x vulnerability?

XOOPS : SPAW 1.x vulnerability?
Poster : GIJOE on 2007-01-25 06:25:56 (11544 reads)


http://blog.solmetra.com/2007/01/19/php-vulnerability-possibly-affecting-spaw-1x-installations/
It looks curious...
Old PHP lets variables remain set after unset() if it runs with register_globals=on ...?

If these conditions apply to you and you use common/spaw (TinyD etc.), you had better update common/spaw.

- Download the latest TinyD
- Overwrite common/spaw/dialogs/img_library.php

Anyway, you MUST turn register_globals off, and you should turn allow_url_fopen off.

Moreover, I recommend using common/fckeditor instead of common/spaw.
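
An added example (not part of the original post, and not XOOPS or TinyD code): a small Python check that reads php.ini text and reports whether the two directives named above are still enabled. The sample php.ini content and the fallback defaults used when a directive is absent are assumptions.

```python
import re

# Directives the post says to disable, with the fallback used when php.ini
# does not set them (assumed PHP defaults: register_globals Off since
# PHP 4.2, allow_url_fopen On).
DEFAULTS = {"register_globals": "0", "allow_url_fopen": "1"}
SEVERITY = {"register_globals": "MUST", "allow_url_fopen": "SHOULD"}
TRUTHY = {"1", "on", "yes", "true"}  # php.ini spellings of boolean true

def effective_settings(ini_text):
    """Return the last-wins value of each watched directive in php.ini text."""
    values = dict(DEFAULTS)
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        m = re.match(r"^([A-Za-z0-9_.]+)\s*=\s*(.*)$", line)
        # Directive names are case sensitive in php.ini, so no lowercasing.
        if m and m.group(1) in values:
            values[m.group(1)] = m.group(2).strip().strip("\"'")
    return values

def audit(ini_text):
    """List (severity, directive, value) for every directive still enabled."""
    findings = []
    for name, value in effective_settings(ini_text).items():
        if value.lower() in TRUTHY:
            findings.append((SEVERITY[name], name, value))
    return findings

# Constructed sample, not taken from a real server.
SAMPLE_INI = """\
[PHP]
register_globals = On   ; legacy application setting
;allow_url_fopen = Off
"""

if __name__ == "__main__":
    for severity, name, value in audit(SAMPLE_INI):
        print(f"{severity} turn off: {name} (currently {value})")
```

Per-directory overrides such as `php_flag` lines in .htaccess are not read by this check, so confirm the effective values with phpinfo() as well.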


Comments list

GIJOE  Posted on 2007/2/8 18:22 | Last modified
I don't support TinyD with fckeditor.
My development of TinyD has finished.
Use pico instead.

beduino  Posted on 2007/2/8 11:22
OK, thanks!
But how do we use fckeditor in TinyD?
All the best, and congrats on the excellent work!
beduino