I just discovered a SQL injection vulnerability in all roster 2.0 beta revisions. This has been fixed in SVN revision 1661. This vulnerability affects you if:
- Your host supports .htaccess files and mod_rewrite
- Your host has magic_quotes_gpc turned OFF in php.ini
To fix this issue, do one of the following:
- Update to SVN revision 1661 (recommended)
- Turn mod_rewrite off in php.ini
- Turn magic_quotes_gpc on in php.ini
- delete the .htaccess file in your roster root (this file is invisible by default)
SQL INJECTION vulnerability fixed in revision 1661
3 posts
• Page 1 of 1
SQL INJECTION vulnerability fixed in revision 1661
by PleegWat » Wed Feb 13, 2008 11:40 pm
I <3 /bin/bash
-
PleegWat - WoWRoster.net Dev Team
- Posts: 1636
- Joined: Tue Jul 04, 2006 1:43 pm
Re: SQL INJECTION vulnerability fixed in revision 1661
by MattM » Thu Feb 14, 2008 8:28 am
Please make sure to upgrade your testbeds.
- MattM
- UA/UU Developer
- Gimpy Developer
- Posts: 886
- Joined: Tue Jul 04, 2006 9:53 pm
- Location: USA
SQL INJECTION vulnerability fixed in revision 1661
by PleegWat » Thu Feb 28, 2008 2:33 am
Bump for unsticky. More than two weeks since it popped up now.
I <3 /bin/bash
-
PleegWat - WoWRoster.net Dev Team
- Posts: 1636
- Joined: Tue Jul 04, 2006 1:43 pm
3 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 1 guest