The Ultimate Weblog System

Welcome to Geeklog
Tuesday, February 09 2010 @ 06:02 PM EST

Webservices exploit

Security

Well, it's getting a bit embarrassing, but here goes:

Bookoo of the Nine Situations Group posted another SQL injection exploit, this time targeting the webservices API in Geeklog. The problem exists in all 1.5.x releases to date. Fortunately, it can be avoided by disabling the webservices like so: Go to

Configuration > Geeklog > Miscellaneous > Webservices

(that's the last set of options on the "Miscellaneous" page) and set "Disable Webservices?" to "True". We'll release a fix ASAP, but this should secure your site for now.

Trackback

Here's what others have to say about 'Webservices exploit':

Exploit discovered for Geeklog Webservice - Soporte Geeklog Hispano
[...] the value of False. More information via this link: http://www.geeklog.net/article.php/webservices-exploit [...] [read more]
Tracked on Saturday, April 11 2009 @ 11:04 AM EDT

Geeklog 1.5.2sr3 - Geeklog
[...] Monday, April 13 2009 @ 11:55 AM EDT Contributed by: Dirk Views: 2 Geeklog 1.5.2sr3 addresses the recently published exploit for an SQL injection in the webservices. It is available for download as a complete tarball, for fresh installs and [...] [read more]
Tracked on Monday, April 13 2009 @ 12:00 PM EDT

Geeklog 1.5.2sr3 released to address possible exploits
[...] the RSS feed to make sure you don't miss a thing on cmscritic.com! Geeklog 1.5.2sr3 addresses the recently published exploit for an SQL injection in the webservices. It is available for download as a complete tarball, for fresh installs and [...] [read more]
Tracked on Thursday, April 16 2009 @ 09:37 AM EDT

Geeklog trying to stay on top of SQL injection exploits
[...] update, bundling all the changes for 1.5.2sr1 - 1.5.2sr4. Geeklog 1.5.2sr3 addresses the recently published exploit for an SQL injection in the webservices. It is available for download as a complete tarball, for fresh installs and upgrades [...] [read more]
Tracked on Tuesday, April 21 2009 @ 10:02 AM EDT
