SQL INJECTION vulnerability fixed in revision 1661

Posts from previous Beta sessions

SQL INJECTION vulnerability fixed in revision 1661

Postby PleegWat » Wed Feb 13, 2008 11:40 pm

I just discovered a SQL injection vulnerability in all roster 2.0 beta revisions. This has been fixed in SVN revision 1661. This vulnerability affects you if:

- Your host supports .htaccess files and mod_rewrite
- Your host has magic_quotes_gpc turned OFF in php.ini

To fix this issue, do one of the following:

- Update to SVN revision 1661 (recommended)
- Turn mod_rewrite off in php.ini
- Turn magic_quotes_gpc on in php.ini
- delete the .htaccess file in your roster root (this file is invisible by default)
I <3 /bin/bash
User avatar
PleegWat
WoWRoster.net Dev Team
WoWRoster.net Dev Team
 
Posts: 1636
Joined: Tue Jul 04, 2006 1:43 pm

Re: SQL INJECTION vulnerability fixed in revision 1661

Postby MattM » Thu Feb 14, 2008 8:28 am

Please make sure to upgrade your testbeds.
MattM
UA/UU Developer
UA/UU Developer
Gimpy Developer
Gimpy Developer
 
Posts: 886
Joined: Tue Jul 04, 2006 9:53 pm
Location: USA

SQL INJECTION vulnerability fixed in revision 1661

Postby PleegWat » Thu Feb 28, 2008 2:33 am

Bump for unsticky. More than two weeks since it popped up now.
I <3 /bin/bash
User avatar
PleegWat
WoWRoster.net Dev Team
WoWRoster.net Dev Team
 
Posts: 1636
Joined: Tue Jul 04, 2006 1:43 pm


Return to Archived

Who is online

Users browsing this forum: No registered users and 0 guests

cron