A potential 3.3 security breach?
I just received an e-mail from one of the technicians at my hosting company. He believes he found a potential security problem with admin.inc.php. His e-mail reads as below:
"I found a security problem in <site>/inc/admin.inc.php. It was calling $dir[inc]match.inc.php which people were manipulating to get the data to come from their site. I hard coded the path to patch it for now, but be advised that this software should be upgraded as soon as possible to the latest production version."
Hi,
I spent some time looking at this - and we could use a preg match to filter out some of the badness here - but in all honesty - it may just be easier to just hard code in the directory path as your web host suggested.
Maybe something like:
if ( preg_match("/[A-Za-z0-9]/",$dir) ){
require_once( "$dir[inc]match.inc.php" );
}
Smoge
ModMySite Administrator
Problems? Questions? Need modifications or other help with your site?
Open A Ticket , Send Us An Email Or Give Us A Telephone Call +1 518-632-4152.
drakontas - who is your hosting company?
sounds like a solid place....
thanks!
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote
Bookmarks