2011-06-01, 03:49:12
Exploit "set" parameter
|
2011-06-02, 01:00:26
Quick fix. Edit /admin/inc/plugin_functions.php, line 33:
Code: if (isset($_GET['set'])){ Code: if (isset($_GET['set']) && substr($_SERVER["SCRIPT_NAME"],strrpos($_SERVER["SCRIPT_NAME"],"/")+1)!='index.php'){
2011-06-02, 01:18:31
This is fixed in the latest SVN.
Official fix can be seen here: http://code.google.com/p/get-simple-cms/...tail?r=487 Mike....
2011-06-02, 23:52:34
n00dles101 Wrote:This is fixed in the latest SVN. Lots of changes in upload.php since the 3.0 "official" release (I don't run svn on production). What is is minimum security patch that can be done to close this vulnerability? -Rob A> |
« Next Oldest | Next Newest »
|
Users browsing this thread: 1 Guest(s)