Bravo List


Fynnon 26th August 2008 12:30

[important] urgent - protection fix
 
A vulnerability (SQL injection which can give the admin's nick + passhash) has been discovered in all btit 1.4.x/xbtit <= rev 544 versions (BtiTracker <= 1.4.7, xbtit <= 2.0.542 SQL Injection Vulnerability). Please apply the patch urgently.

quick fix:

open scrape.php
find:
Code:

require("$BASEPATH/include/config.php");
require("$BASEPATH/include/common.php");

below add:
Code:

require_once $BASEPATH.'/include/crk_protection.php';

or download attached, upload to your tracker's root and rename to scrape.php

Regards,
The Btiteam Forum Team.
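
One way to apply and verify the quick fix from the post above across several installs, added here as an example and not the Btiteam's own code. It assumes include/crk_protection.php is already present under the tracker root; the function names, status strings and the .bak backup name are hypothetical.

```python
import re
from pathlib import Path

# Line the post says to add, and patterns for it and for the line it goes below.
GUARD = "require_once $BASEPATH.'/include/crk_protection.php';"
GUARD_RE = re.compile(r"\s*require_once\s*\(?\s*\$BASEPATH\s*\.\s*'/include/crk_protection\.php'")
ANCHOR_RE = re.compile(r'\s*require\(\s*"\$BASEPATH/include/common\.php"\s*\)\s*;\s*$')

def patch_source(src):
    """Return (status, text) for the contents of scrape.php."""
    lines = src.splitlines(keepends=True)
    if any(GUARD_RE.match(line) for line in lines):
        return "already-patched", src          # idempotent: never add it twice
    for i, line in enumerate(lines):
        if ANCHOR_RE.match(line):
            eol = "\r\n" if line.endswith("\r\n") else "\n"   # keep the file's line endings
            if not line.endswith("\n"):
                lines[i] = line + eol
            lines.insert(i + 1, GUARD + eol)
            return "patched", "".join(lines)
    return "anchor-missing", src               # customised scrape.php: edit by hand

def patch_tracker(root):
    """Apply the quick fix under a tracker root; returns the status string."""
    root = Path(root)
    # Assumption: the guard file is already installed. require_once on a missing
    # file is a fatal PHP error, which would take scrape.php down entirely.
    if not (root / "include" / "crk_protection.php").is_file():
        return "guard-file-missing"
    scrape = root / "scrape.php"
    original = scrape.read_bytes()
    status, text = patch_source(original.decode("latin-1"))   # latin-1 round-trips bytes
    if status == "patched":
        scrape.with_name("scrape.php.bak").write_bytes(original)   # hypothetical backup name
        scrape.write_bytes(text.encode("latin-1"))
    return status

if __name__ == "__main__":
    # Constructed sample, not the real scrape.php.
    sample = ('<?php\nrequire("$BASEPATH/include/config.php");\n'
              'require("$BASEPATH/include/common.php");\n$x = 1;\n')
    status, patched = patch_source(sample)
    print(status)
    print(patched)
    print(patch_source(patched)[0])
```

A status of anchor-missing means the two require lines named in the post were not found as written, so that scrape.php needs the manual edit.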

m4rc3 17th April 2009 03:27

You know that
 
You can try to check the code with this script, www.htmlpurifier.org. It scans for security vulnerabilities like XSS attacks in PHP, HTML and XML code, but make a copy of your scripts for security reasons, and all site owners need Acunetix Web Vulnerability Scanner Enterprise v6.1.20090211 :ok:

