Don't think so, as many have customized their scripts.
Btw. how many fixes will follow?
I understand that in the section from http://www.flynax.com/forum/showthre...ull=1#post6548 there are/will be some links for rlAccount.class.php, rlListings.class.php, rlCategories.class.php, rlSearch.class.php, rlPlan.class.php
Quote:
The other minor vulnerabilities, which will not affect stability and security of your site, will be posted later in this thread.
And these are the fixes.
/libs/system.lib.php
Find the code: (~ line 65)
and replace with:
PHP Code:
Only registered members can view the code.
php2 has been added
PHP Code:
Only registered members can view the code.
Hi @ all
I think and hope that these security updates are only a beginning.
I would suggest the team keep following up.
Check out all the forms, especially the search forms, and implement a filter for metacharacters on all input fields!
It starts with the registration form and ends with the contact form.
XSS attacks are a potentially dangerous attack point there.
//Steffen
I have checked the script with Acunetix Web Vulnerability Scanner.
Hence the above recommendation.
The following was also a result of the check:
Cookie name: "PHPSESSID"
- If possible, you should set the HTTPOnly flag for this cookie.
- If possible, you should set the Secure flag for this cookie.
//Steffen
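As an added example for the two findings in Steffen's posts above (metacharacter filtering on form input / XSS, and the HttpOnly and Secure flags on the PHPSESSID cookie), here is how both are handled in plain PHP. This is not Flynax code and nothing from the protected code boxes; the function names start_hardened_session(), sanitize_text(), e() and render_search_form(), and the search form markup, are assumptions for illustration. It assumes PHP 7.3 or later (array form of session_set_cookie_params) with the mbstring extension.

```php
<?php
// Added example for the two findings above (metacharacter filtering / XSS,
// and PHPSESSID cookie flags). Not Flynax code; the function names
// start_hardened_session(), sanitize_text(), e() and render_search_form()
// are assumptions for illustration. Requires PHP >= 7.3 with mbstring.
declare(strict_types=1);

// 1) Session cookie flags. Must run before session_start() and before any output.
function start_hardened_session(): void
{
    $overTls = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    session_set_cookie_params([
        'lifetime' => 0,        // session cookie, dropped when the browser closes
        'path'     => '/',
        'domain'   => '',
        'secure'   => $overTls, // only sent over HTTPS
        'httponly' => true,     // not exposed to document.cookie
        'samesite' => 'Lax',    // limits cross-site sending of the cookie
    ]);
    session_start();
}

// 2) Input filter for form fields: reject non-scalars, trim, strip ASCII
//    control characters and cap the length. The text stays usable for search;
//    HTML metacharacters are handled by output encoding in step 3.
function sanitize_text($value, int $maxLen = 255): ?string
{
    if (!is_scalar($value)) {
        return null;
    }
    $s = trim((string) $value);
    $s = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $s) ?? $s;
    return mb_substr($s, 0, $maxLen, 'UTF-8');
}

// 3) Output encoding. Filtering input alone is not sufficient: every value
//    written into HTML is escaped at the point of output. ENT_QUOTES covers
//    both quote styles so the value is safe inside an attribute as well.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// A search form that reflects the submitted keyword back into the page safely.
function render_search_form(array $get): string
{
    $keyword = sanitize_text($get['keyword'] ?? '') ?? '';
    return '<form method="get" action="search.php">'
         . '<input type="text" name="keyword" value="' . e($keyword) . '">'
         . '<button type="submit">Search</button>'
         . '</form>';
}

// Usage with a constructed request (not real traffic). The session is only
// started under a web SAPI, where the Set-Cookie header can actually be sent.
if (PHP_SAPI !== 'cli') {
    start_hardened_session();
}
$constructedGet = ['keyword' => 'car "deluxe" <2010>'];
echo render_search_form($constructedGet), PHP_EOL;
```

Under a web server the Set-Cookie header for PHPSESSID then carries the HttpOnly and Secure attributes the scanner asked for (Secure only when the request itself came in over TLS). The split between sanitize_text() and e() is deliberate: the input filter removes what no legitimate field needs, while the encoding step is what actually neutralizes quotes and angle brackets when the value is echoed, so both the registration and contact forms mentioned above get the same treatment by routing every echoed value through e().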
Open the file /includes/classes/rlListings.class.php
You should add the code that is highlighted in bold green.
(!) Before you change the files, back up the files to be modified.
[line: ~583]
Code: Only registered members can view the code.
[line: ~618]
Code: Only registered members can view the code.
[line: ~781]
Code: Only registered members can view the code.
[line: ~1272]
Code: Only registered members can view the code.
[line: ~1477]
Code: Only registered members can view the code.
[line: ~1558]
Code: Only registered members can view the code.
[line: ~1695]
Code: Only registered members can view the code.
[line: ~1784]
Code: Only registered members can view the code.
[line: ~2027]
Code: Only registered members can view the code.
[line: ~2134]
Code: Only registered members can view the code.
[line: ~2205]
Code: Only registered members can view the code.
[line: ~3444]
Code: Only registered members can view the code.
to be continued...
Open the file /includes/classes/rlCategories.class.php
You should add the code that is highlighted in bold green.
(!) Before you change the files, back up the files to be modified.
[line: ~170]
Code: Only registered members can view the code.
[line: ~489]
Code: Only registered members can view the code.
[line: ~589]
Code: Only registered members can view the code.
[line: ~1298]
Code: Only registered members can view the code.
[line: ~1351]
Code: Only registered members can view the code.
[line: ~1459]
Code: Only registered members can view the code.
[line: ~1492]
Code: Only registered members can view the code.
[line: ~1527]
Code: Only registered members can view the code.
[line: ~1617]
Code: Only registered members can view the code.
[line: ~1868]
Code: Only registered members can view the code.
[line: ~2001]
Code: Only registered members can view the code.
to be continued...
Done
Thanks for the security update.
Nguyen
In my original rlListings.class.php file it is on line 875, and on lines 914-915 there is only
Code: Only registered members can view the code.
and not
Code: Only registered members can view the code.
Code: Only registered members can view the code.
On line 2121 I have
Quote:
[line: ~2027]
Code: Only registered members can view the code.
and not
Code: Only registered members can view the code.
Code: Only registered members can view the code.