Location -- Viewing Article
    URGENT: AdaptCMS 1.3 Security Fix Released - Adapt Software

    URGENT: AdaptCMS 1.3 Security Fix Released

    By: charliepage @ Jan 03, 2009 - 3:22 am

    For the first time with AdaptCMS, Insane Visions has issued an urgent security fix. This recent security hole was discovered by the group at Milw0rm. Upon hearing about this security hole we immediately fixed the problem in a matter of minutes and are now issuing this fix.

    The Security Hole was related to the new "Check User" feature in AdaptCMS Lite 1.3 and AdaptCMS Pro 1.3. When signing up you would enter the username desired, once moving to the password field a box would appear saying whether the username was taken or not. The issue was the PHP that checks to see if the username is taken did not use any safe guards incase of SQL injection. The worst consequence is the stealing of the MD5 hash of a users password but NO passwords themselves were vulnerable to this problem.

    This fix is simply one file which goes into the "includes/" folder. We recommend that all AdaptCMS Lite users upload this fixed file immediately. Thank you.

    Download AdaptCMS 1.3 Fix

    Rating:

    Vote for Article:



    Guest @ Jan 03, 2012 - 3:25 pm
    Holy conicse data batman. Lol!


    Guest @ Jan 04, 2012 - 4:20 am
    r6sziA dduxbturldog


    Guest @ Jan 05, 2012 - 9:17 pm
    The "something" can be accessed very easily with PHP. If you have a web page address that looks like this:index.php? month=september&name=smith&age=24Then you can access those values in PHP like this:<?phpecho $_GET('month');echo $_GET('name');echo $_GET('age');?>This will print septembersmith24.As for accessing a text file, that's easy too:<?php$text = file_get_contents( 'textfile.txt' );echo $text;?>This will read the entire contents of the file textfile.txt into the variable $text, and then print it out for you.You can also access many databases with PHP, I highly recommend you use MySQL. It's a bit too complicated to describe here, though. There are some good references made to good books by folks above. The "Teach Yourself" series is great.

    eastwood auto insurance


    Guest @ Jan 12, 2012 - 8:48 pm
    If you have sensitive files that should be accessible only by scripts, put them somewhere on the server other than the web root. Your scripts will still be able to access them, but nobody can pull them off the web./R11; /htdocsR11; R12; /www.site.comR11; /securedocs

    auto insurance quotes


     email

     website






    Warning: include_once(plugins/affiliates.php) [function.include-once]: failed to open stream: No such file or directory in /home/adaptsof/public_html/index.php on line 2231

    Warning: include_once() [function.include]: Failed opening 'plugins/affiliates.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/adaptsof/public_html/index.php on line 2231
  • AdaptCMS
  • AdaptBB