
Thread: Security update [MUST HAVE]

  1. #1

    Security update [MUST HAVE]

    Dear customers,

    We have detected a few vulnerabilities in the script and strongly recommend applying the patch below.
    If you see the code below already in place, it means that we added the code for you using your FTP logins.


    To fix the vulnerability you should add the code that is highlighted in bold green.
    (!) Before you change the files, back up the files to be modified.


    /libs/upload/upload.php
    Code:
    Only registered members can view the code.

    /files/.htaccess
    Code:
    Only registered members can view the code.

    /tmp/upload/.htaccess
    Updated: the file must contain only the code
    Code:
    Only registered members can view the code.

    /.htaccess
    Code:
    Only registered members can view the code.

    /libs/system.lib.php
    Code:
    Only registered members can view the code.
    The other minor vulnerabilities, which will not affect stability and security of your site, will be posted later in this thread.

    Possible SQL Injection and FIX for it
    rlAccount.class.php
    rlListings.class.php
    rlCategories.class.php
    rlSearch.class.php
    rlPlan.class.php

    Subscribe to this thread and keep up with the latest updates.
    Last edited by Alex; October 1, 2013 at 04:59 AM. Reason: updated

    Other than that happy coding...
    Flynax Technical Department

  2. #2
    I'll give it a try.

    Thanks,
    Nguyen
    Nguyen Dat Tai
    Mobile: +84.909933020
    Web: www.dangbanxe.com

  3. #3
    Done
    Thank you

    Patrice

  4. #4
    Please advise patch update for version 4.0.1

  5. #5
    rosegarden,

    This is the patch for Flynax v4.X

    Other than that happy coding...
    Flynax Technical Department

  6. #6
    For Version 4.0.01, the code in the following file is slightly different, starting from "function handle_file_upload ..."
    I do not want to insert the code here, but you can check my ticket #OXO-741609

    /libs/upload/upload.php

    Hope to hear your answer soon, as I want to do the patch now.

  7. #7
    hm.. OK
    This is for Flynax v4.0.1

    /libs/upload/upload.php
    Code:
    Only registered members can view the code.

    Other than that happy coding...
    Flynax Technical Department

  8. #8
    So are these changes added to the full version if I want to do a reinstall, or do I still have to add them manually?
    Last edited by Daniel Simonsen; August 29, 2013 at 08:01 AM.

  9. #9
    Yes, these changes have been added to the version for download.

    Other than that happy coding...
    Flynax Technical Department

  10. #10
    Quote: Originally posted by Exe
    /tmp/upload/.htaccess
    Code:
    Only registered members can view the code.
    The file here (/tmp/upload/.htaccess) has (?) this already:
    Code:
    Only registered members can view the code.
    I think this is the same, or not?

    Thank you!
