[important] urgent - protection fix
a vulnerability (sql injection which can give the admins nick + passhash) has been discover in all btit 1.4.x/xbtit <= rev 544 version (BtiTracker <= 1.4.7, xbtit <= 2.0.542 SQL Injection Vulnerability), please apply urgently the patch
quick fix: open scrape.php find: Code:
require("$BASEPATH/include/config.php"); Code:
require_once $BASEPATH.'/include/crk_protection.php'; To unsubscribe from these announcements, login to the forum and uncheck "Receive forum announcements and important notifications by email." in your profile. You can view the full announcement by following this link: Template Parse Error! Regards, The Btiteam Forum Team. |
You know that
You try to check the code with this script www.htmlpurifier.org this scan for security vulnerabilities like xsss attacks, in the code php html xml, but make copy of your scripts for security reasons, and all site owners need Acunetix Web Vulnerability Scanner Enterprise v6.1.20090211 :ok:
|
All times are GMT +2. The time now is 06:37. |
Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.