The secure CMS.

Resources

Getting started

Support

Development

Sections

User Functions





Don't have an account yet? Sign up as a New User
Lost your password?


What's New

Stories

No new stories

Comments last 2 days


Trackbacks last 2 days

No new trackback comments

Pages last 2 weeks


NEW FILES last 14 days


Links last 2 weeks

Older Stories

Thursday 07-Jan


Tuesday 22-Dec


Monday 14-Dec


Saturday 05-Dec


Sunday 22-Nov

Welcome to Geeklog
Monday, March 15 2010 @ 03:00 AM EDT

Reminder: Remove the install script!

Thursday, June 04 2009 @ 03:40 PM EDT

Contributed by: Dirk

Views: 2,420

Security

A recent posting on the Bugtraq security mailing list should serve as a reminder to always remove the install script after a successful install or upgrade of Geeklog: MaXe points out an XSS, a path disclosure, and a remote file inclusion in the 1.5.x install script. The XSS is still present in the 1.6.0 install script and has been pointed out to us before by a person who called himself Nemesis.

We'll take care of this in the next 1.6.0 release (probably rc1). So again: Please follow the installation instructions and the built-in reminders to remove the install script and the other security tips that we provide before, during, and after the install.

What's Related

Story Options

Trackback

Trackback URL for this entry: http://www.geeklog.net/trackback.php/remove-the-install-script

Here's what others have to say about 'Reminder: Remove the install script!':

Geeklog 1.6.0 BETA 3 - Geeklog
[...] 1.6.0 is now available for download. This version fixes a few more issues with the new search, addresses the XSS reported for the install script, and also includes a more prominent reminder to remove the install script after installation or [...] [read more]
Tracked on Sunday, June 21 2009 @ 04:21 AM EDT

Reminder: Remove the install script! | 2 comments | Create New Account
The following comments are owned by whomever posted them. This site is not responsible for what they say.
Reminder: Remove the install script!
Authored by: chrisx on Wednesday, June 17 2009 @ 01:31 AM EDT
It's a nice looking site but it's been a nightmare. First installation using fantastico, it will not install into public_html. It will not install in / the only way to get it to install is /public_html.
But then the url becomes www.yoursite.com/public_html. It will not install to www.yoursite.com
Next, there is no forum??? When i spent one hour deciding between this and others i checked everything and this demo clearly shows a forum, there is no forum.
It's a shame, it's a nice looking site but i can't use it. Why do you show a forum when there is none?
Forum and such
Authored by: Dirk on Wednesday, June 17 2009 @ 03:23 AM EDT

The Forum is a plugin that you can download separately. Not everybody needs one ...

And may I suggest that when you have a problem getting Geeklog up and running, you use the proper place to ask for help, which is the Installation Forum, and not some completely unrelated story. Thanks.
© 2002-2010 Geeklog
Created this page in 0.26 seconds 		Powered by Geeklog 1.6.1 
Hosted by pair.com