From: Max B. <mb...@rg...> - 2005-05-02 08:19:38
Hello all,

There's an XSS vulnerability in SAPID, which allows an attacker to execute PHP code in a vulnerable SAPID installation.

How to fix:

1. Add this line to rc.conf.php

    define("SAPID_STARTED", true);

2. Add line

    if (!defined("SAPID_STARTED")) die("Hacking attempt!");

to the beginning of the following files:

    etc/startup.inc.php
    etc/interface/ddc.inc.php
    etc/interface/stats.inc.php
    etc/interface/stucture.inc.php
    etc/interface/templates.inc.php
    etc/interface/user_functions.inc.php
    etc/interface/users.inc.php
    etc/case.inc.php
    usr/system/edit.php
    usr/system/editor.php
    usr/system/remind.php
    usr/system/seo_analizer.php
    mvc/controller/*
    mvc/model/*
    mvc/view/*

If you can't find some of the above files, just ignore them.

--
Sincerely,
Max Baryshnikov aka Mephius
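An added example, not part of the original message or of SAPID: a Python check that the fix above was applied across an installation, reporting listed files where the guard is absent or is not the first statement. The `audit` and `demo` names, the location of rc.conf.php directly under the install root, and the sample tree are assumptions made for illustration.

```python
import re, tempfile
from pathlib import Path

# Paths as listed in the message (spelling kept); mvc/* entries are globs.
GUARDED = """etc/startup.inc.php etc/interface/ddc.inc.php
etc/interface/stats.inc.php etc/interface/stucture.inc.php
etc/interface/templates.inc.php etc/interface/user_functions.inc.php
etc/interface/users.inc.php etc/case.inc.php usr/system/edit.php
usr/system/editor.php usr/system/remind.php usr/system/seo_analizer.php
mvc/controller/* mvc/model/* mvc/view/*""".split()

NAME = r"""["']SAPID_STARTED["']"""
DEFINE_RE = re.compile(r"define\(\s*" + NAME + r"\s*,\s*true\s*\)", re.I)
# The guard must be the first statement after the opening tag: any code
# placed before it still runs when the file is requested directly.
GUARD_RE = re.compile(r"\s*<\?(?:php)?\s+if\s*\(\s*!\s*defined\(\s*" + NAME
                      + r"\s*\)\s*\)\s*(?:die|exit)\s*\(", re.I)

def audit(root, conf="rc.conf.php"):
    """Return (config_defines_constant, [listed files lacking the guard])."""
    root = Path(root)
    text = lambda p: p.read_text(encoding="utf-8", errors="replace")
    conf_path = root / conf  # assumed location: directly under the root
    conf_ok = conf_path.is_file() and bool(DEFINE_RE.search(text(conf_path)))
    # glob yields nothing for absent files, so they are ignored, as the
    # message instructs.
    unguarded = sorted(
        p.relative_to(root).as_posix()
        for pattern in GUARDED for p in root.glob(pattern)
        if p.is_file() and not GUARD_RE.match(text(p)))
    return conf_ok, unguarded

def demo():
    """Audit a small constructed tree (not a real SAPID install)."""
    guard = '<?php\nif (!defined("SAPID_STARTED")) die("Hacking attempt!");\n'
    files = {
        "rc.conf.php": '<?php\ndefine("SAPID_STARTED", true);\n',
        "etc/startup.inc.php": guard + "$x = 1;\n",
        "usr/system/edit.php": "<?php\n$x = 1;\n",            # no guard
        "mvc/view/page.php": "<?php\n$x = 1;\n" + guard[6:],  # guard too late
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body, encoding="utf-8")
        return audit(root)

if __name__ == "__main__":
    print(demo())
```

Calling `audit("/path/to/install")` on a real tree returns the same pair; an empty list together with `True` means every listed file that exists starts with the guard and the constant is defined.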