Structural defect of XOOPS-2.3.2 from

Date 2009-01-09 13:09:35 | Category: XOOPS

in englishin japanese
I've shocked just by looking inside of the archive of xoops-2.3.2b.

They put XOOPS_TRUST_PATH folder inside htdocs/ !
(They renamed xoops_trust_path into xoops_lib. this fact also shows us they didnot understand the meaning of XOOPS_TRUST_PATH)
Moreover, there are no .htaccess under the folder xoops_lib/

I suspect my eyes.

mamba had reported LFI in the file under XOOPS_TRUST_PATH.
This is another evidence they cannot understand the meaning of inside/outside DocumentRoot.

When mamba said "I fixes Protector", I replied "Such a patch is non-sense".

This report proves mamba's patch was just non-sense.

You should interpret the report is not an exploit of Protector itself but just XOOPS-2.3.2.

Anyway, phppp and developpers of should do right now:

Put xoops_lib(XOOPS_TRUST_PATH) ouside of htdocs.
Learn the meanining of inside/outside DocumentRoot.
Read how to install Protector V3 again and again!

If you cannot do that or cannot understand what I mean, remove Protector from your archive.

Your wrong structure of the archive gave me pain.

My module -Protector- is useful for protecting all XOOPS forks/folks from maricious attacks as long as the module is installed rightly.

You can read more news at PEAK XOOPS.

The URL for this story is: