Don't think so, as many have customized their scripts.
Btw. how many fixes will follow?
I understand that in the section from http://www.flynax.com/forum/showthre...ull=1#post6548 there are/will be some links for rlAccount.class.php, rlListings.class.php, rlCategories.class.php, rlSearch.class.php, rlPlan.class.php.
The other minor vulnerabilities, which will not affect stability and security of your site, will be posted later in this thread.
And these are the fixes.
/libs/system.lib.php
Find the code: (~ line 65)
and replace with:
PHP Code:
Only registered members can view the code.
|php2 has been added
PHP Code:
Only registered members can view the code.
Other than that happy coding...
Flynax Technical Department
Hi @ all
I think and hope that these security updates are only a beginning.
I would suggest the team continue with the following.
Check all the forms, especially the search forms, and implement a filter for metacharacters on all input fields!
It starts with the registration form and ends with the contact form.
XSS attacks are a potentially dangerous attack point there.
//Steffen
Last edited by Steffen Buschkemper; September 13, 2013 at 05:32 AM.
Created or modified plugins
< rating Plugin (modified) > | < Bad Word Filter Plugin > | < Header Slider Plugin > | < InterKassa Payment Plugin > | < ccAvenue Payment Plugin >
I have checked the script with Acunetix Web Vulnerability Scanner.
Hence the above recommendation.
The following was also a result of the check:
Cookie name: "PHPSESSID"
- If possible, you should set the HTTPOnly flag for this cookie.
- If possible, you should set the Secure flag for this cookie.
//Steffen
Last edited by Steffen Buschkemper; September 13, 2013 at 06:00 AM.
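The two points raised in Steffen's posts (escaping metacharacters on every form field, and the HttpOnly/Secure flags on the PHPSESSID cookie) can be demonstrated in a few lines of PHP. The block below is an added example and is not Flynax code or part of any of the patched class files; it assumes PHP 7.3 or later (array form of session_set_cookie_params) and a hypothetical search form whose "q" parameter is echoed back into the page.

```php
<?php
// Added example (not Flynax code): hardening the two points raised above.
// Assumes PHP 7.3+ and a hypothetical search form that echoes its "q" parameter.

declare(strict_types=1);

/**
 * Configure the PHPSESSID cookie with the HttpOnly and Secure flags before the
 * session starts. HttpOnly keeps document.cookie from reading the session id
 * (limits the damage of an XSS); Secure keeps it off plain-HTTP connections.
 */
function startHardenedSession(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'domain'   => '',        // current host only
        'secure'   => true,      // only sent over HTTPS
        'httponly' => true,      // not readable from JavaScript
        'samesite' => 'Lax',     // extra CSRF protection
    ]);
    ini_set('session.use_strict_mode', '1'); // reject session ids the server did not issue
    session_start();
}

/**
 * Escape a value for insertion into HTML text or a double-quoted attribute.
 * This is the metacharacter filter applied at output time: < > & " ' become
 * entities, so user input cannot break out of the surrounding markup.
 */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Render a search form that echoes the previous query back safely.
 * The vulnerable pattern this replaces is: echo '<input value="' . $_GET['q'] . '">';
 */
function renderSearchForm(array $get): string
{
    $q = isset($get['q']) && is_string($get['q']) ? $get['q'] : '';
    return '<form method="get" action="/search">'
         . '<input type="text" name="q" value="' . e($q) . '">'
         . '<button type="submit">Search</button>'
         . '</form>';
}

// Constructed sample input: a query that tries to close the attribute early.
$sampleGet = ['q' => '"><b>x</b>'];

startHardenedSession();
echo renderSearchForm($sampleGet), PHP_EOL;
```

Running it prints the form with the quote and angle brackets of the sample query emitted as HTML entities, so the browser shows them as literal text inside the input instead of treating them as markup. The session cookie parameters must be set before session_start(), which is why startHardenedSession() does both in one place; on a site that still serves some pages over plain HTTP, the Secure flag will stop the session cookie from being sent on those pages, so it should be enabled together with a site-wide HTTPS redirect.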
Open the file /includes/classes/rlListings.class.php
You should add the code that is highlighted in bold green.
(!) Before you change the files, back up the files to be modified.
[line: ~583]
Code:Only registered members can view the code.
[line: ~618]
Code:Only registered members can view the code.
[line: ~781]
Code:Only registered members can view the code.
[line: ~1272]
Code:Only registered members can view the code.
[line: ~1477]
Code:Only registered members can view the code.
[line: ~1558]
Code:Only registered members can view the code.
[line: ~1695]
Code:Only registered members can view the code.
[line: ~1784]
Code:Only registered members can view the code.
[line: ~2027]
Code:Only registered members can view the code.
[line: ~2134]
Code:Only registered members can view the code.
[line: ~2205]
Code:Only registered members can view the code.
[line: ~3444]
Code:Only registered members can view the code.
To be continued...
Other than that happy coding...
Flynax Technical Department
Open the file /includes/classes/rlCategories.class.php
You should add the code that is highlighted in bold green.
(!) Before you change the files, back up the files to be modified.
[line: ~170]
Code:Only registered members can view the code.
[line: ~489]
Code:Only registered members can view the code.
[line: ~589]
Code:Only registered members can view the code.
[line: ~1298]
Code:Only registered members can view the code.
[line: ~1351]
Code:Only registered members can view the code.
[line: ~1459]
Code:Only registered members can view the code.
[line: ~1492]
Code:Only registered members can view the code.
[line: ~1527]
Code:Only registered members can view the code.
[line: ~1617]
Code:Only registered members can view the code.
[line: ~1868]
Code:Only registered members can view the code.
[line: ~2001]
Code:Only registered members can view the code.
To be continued...
Other than that happy coding...
Flynax Technical Department
Done
Thanks for the security update.
Nguyen
in my original rlListings.class.php file
is on line 875, and on lines 914-915 there is only
Code:Only registered members can view the code.
and not
Code:Only registered members can view the code.
Code:Only registered members can view the code.
On line 2121 I have
[line: ~2027]
Code:Only registered members can view the code.
and not
Code:Only registered members can view the code.
Code:Only registered members can view the code.