[2023-01-23] 4images 1.10 released
Please understand that I won't go into more detail on this. There are many installations that don't have this fix, and if I explain how and where to exploit it... well, you understand.

Regards,
Jan
Hi all,

I believe this fix stopped anonymous from uploading files to your tmp folder via Apache, where you can even run those files remotely. I was a victim: an intruder was uploading spam email scripts and running them remotely. I just did the changes and hope this will fix it. If it works I will update you.

Regards,
Tariq AlAli
Quote from: TariqAlAli on June 15, 2005, 07:42:50 AM
Hi all, I believe this fix stopped anonymous from uploading files to your tmp folder via Apache, where you can even run those files remotely. I was a victim: an intruder was uploading spam email scripts and running them remotely. I just did the changes and hope this will fix it. If it works I will update you. Regards, Tariq AlAli

What you just described seems to be your server issue, and not 4images.
Also, I noticed when I installed 4images a month ago that if I log in with my account and give a photo URL (Session) to a user, he will be logged in with my session/ID.
I will give it another 72 hours before I announce that the hack was from that bug, and will try to post you how to penetrate the servers with that bug.
will try to post you how to penetrate the servers with that bug.
<?phpinfo() ?>
Quote from: Bugfixed on June 12, 2005, 05:24:40 PM
no this line:
$user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;
I integrated phpBB 2.0.15.

That version does not have this hole, don't worry about this fix.