(exploit) LastPosts now restored

Date 13-Feb-2004 10:02:31
Topic: Amigaworld.net News

This has now been patched on the main site and Kent has also been advised of what is needed. That is at least for the exploits we have managed to find Hopefully if theres more we will get testcases shared to find it.

Thanks also to Orgin.

Due to security concerns over the "lastposts" moduleset raised by Kent over amiga.org we had temporarily suspended them.

We, with a hint from Kent about the kind of problems he was seeing on Xoops.org, figured out what the defect was and Xoops developers need to SAFE or ESCAPE the results of the query used by lastposts modules to avoid scripts being run on the client box when the page is generated and viewed.

See source in comment 1.

This article comes from AmigaWorld - Amiga Community Portal

The URL for this story is: