Vulnerabilities - Printable Version +- GetSimple Support Forum (http://get-simple.info/forums) +-- Forum: GetSimple (http://get-simple.info/forums/forumdisplay.php?fid=3) +--- Forum: General Questions and Problems (http://get-simple.info/forums/forumdisplay.php?fid=16) +--- Thread: Vulnerabilities (/showthread.php?tid=860) |
Vulnerabilities - juliancc - 2010-07-20 Just bumped into this advisory released last week: http://secunia.com/advisories/40428 Vulnerabilities - Zegnåt - 2010-07-20 Interesting, I’m going to be forwarding this to Chris. I’ll also try them out, but it feels like only one of them is feasible because everything else makes use of files in the admin directory and those PHP files should just redirect to the login form when you’re not logged in. If you are logged in when doing this, well frankly, you’d be an idiot because you can just use the upload panel to upload a PHP file to take control of anything on the server. Vulnerabilities - Zegnåt - 2010-07-20 Putting this up here so you all know where we stand on this, I just received this email back from Mike (n00dles): Mike Wrote:Yeah saw those the other day, tried MOST of them and yes you do need to be logged in for them to work.So unless you’re afraid of hacking into your own GetSimple installation after having logged in these aren’t the highest priority vulnerabilities ever to be discovered. Of course we will be looking into this, but it’s not really a matter of concern for current live websites. |