Search found 4 matches
- Thu Jan 22, 2015 12:08 pm
- Forum: 0.6.X beta support
- Topic: Fix password md5 show
- Replies: 2
- Views: 8105
Re: Fix password md5 show
To fix the hook problem in the file editInplace.php, change: <?php if(isset($_REQUEST['hook']))include($_REQUEST['hook']); ?> to: <?php session_start();if(is_loggedin() and isset($_REQUEST['hook'])){include($_REQUEST['hook']);}else{echo"ERROR";} function is_loggedin(){if(isset($_SESSION['l'])) re...
- Thu Jan 22, 2015 11:44 am
- Forum: 0.6.X beta support
- Topic: Security Vulnerabilities
- Replies: 10
- Views: 35939
Re: Security Vulnerabilities
Hice...
Hard fix for these problems, after getting the page name:
Code: Select all
$rp = isset($_REQUEST['page']) ? $_REQUEST['page'] : '';
Add code that cuts all symbols, except A-Z, a-z and '-':
Code: Select all
$rp = preg_replace('/[^a-zA-Z0-9-]/', '', $rp);
Example:
http://igorkov.org/%3Cscript%3Ealert%28 ... /script%3E
- Thu Dec 11, 2014 7:39 pm
- Forum: 0.6.X beta support
- Topic: Fix password md5 show
- Replies: 2
- Views: 8105
Re: Fix password md5 show
And the next link:
Code: Select all
http://wondercms.com/labs/06beta/js/editInplace.php?hook=../files/password
It also must be fixed.
- Tue Oct 28, 2014 3:31 pm
- Forum: 0.6.X beta support
- Topic: Fix password md5 show
- Replies: 2
- Views: 8105
Fix password md5 show
Sample: http://wondercms.com/labs/06beta/password This is not good, because md5 is not a strong algorithm and can be brute-forced. To fix it (and other system pages): $denypages = array("copyright", "description", "keywords", "menu", "password", "sub...