The secure CMS.
Resources
Topics
- Home
- Development (317)
- Geeklog (209)
- Plugins (111)
- Themes (2)
- News (387)
- Announcements (248)
- Geeklog.net (31)
- Security (76)
- Spam (11)
- Summer of Code (27)
User Functions
Events
What's New
Stories
1 new Stories in the last 2 weeksComments last 2 weeks
No new commentsTrackbacks last 2 weeks
No new trackback commentsLinks last 2 weeks
No recent new linksNEW FILES last 14 days
No new filesWelcome to Geeklog Friday, May 24 2013 @ 07:28 PM EDT
Reminder: Remove the install script!
- Thursday, June 04 2009 @ 03:40 PM EDT
-
- Contributed by:
- Dirk
-
- Views:
- 8,012
A recent posting on the Bugtraq security mailing list should serve as a reminder to always remove the install script after a successful install or upgrade of Geeklog: MaXe points out an XSS, a path disclosure, and a remote file inclusion in the 1.5.x install script. The XSS is still present in the 1.6.0 install script and has been pointed out to us before by a person who called himself Nemesis.
We'll take care of this in the next 1.6.0 release (probably rc1). So again: Please follow the installation instructions and the built-in reminders to remove the install script and the other security tips that we provide before, during, and after the install.
Trackback
- Trackback URL for this entry:
- http://www.geeklog.net/trackback.php/remove-the-install-script
Here's what others have to say about 'Reminder: Remove the install script!':
- Geeklog 1.6.0 BETA 3 - Geeklog
- Tracked on Sunday, June 21 2009 @ 04:21 AM EDT
[...] 1.6.0 is now available for download. This version fixes a few more issues with the new search, addresses the XSS reported for the install script, and also includes a more prominent reminder to remove the install script after installation or [...] [read more]
The following comments are owned by whomever posted them. This site is not responsible for what they say.
But then the url becomes www.yoursite.com/public_html. It will not install to www.yoursite.com
Next, there is no forum??? When i spent one hour deciding between this and others i checked everything and this demo clearly shows a forum, there is no forum.
It's a shame, it's a nice looking site but i can't use it. Why do you show a forum when there is none?
The Forum is a plugin that you can download separately. Not everybody needs one ...
And may I suggest that when you have a problem getting Geeklog up and running, you use the proper place to ask for help, which is the Installation Forum, and not some completely unrelated story. Thanks.