The secure CMS.
Resources
Topics
- Home
- Development (317)
- Geeklog (209)
- Plugins (111)
- Themes (2)
- News (387)
- Announcements (248)
- Geeklog.net (31)
- Security (76)
- Spam (11)
- Summer of Code (27)
User Functions
Events
What's New
Stories
1 new Stories in the last 2 weeksComments last 2 weeks
Trackbacks last 2 weeks
No new trackback commentsLinks last 2 weeks
No recent new linksNEW FILES last 14 days
No new filesWelcome to Geeklog Saturday, May 25 2013 @ 10:56 PM EDT
Webservices exploit
- Thursday, April 09 2009 @ 03:50 PM EDT
-
- Contributed by:
- Dirk
-
- Views:
- 7,636
Well, it's getting a bit embarrassing, but here goes:
Bookoo of the Nine Situations Group posted another SQL injection exploit, this time targetting the webservices API in Geeklog. The problem exists in all 1.5.x releases to date. Fortunately, it can be avoided by disabling the webservices like so: Go to
Configuration > Geeklog > Miscellaneous > Webservices
(that's the last set of options on the "Miscellaneous" page) and set "Disable Webservices?" to "True". We'll release an fix ASAP, but this should secure your site for now.
Trackback
- Trackback URL for this entry:
- http://www.geeklog.net/trackback.php/webservices-exploit
Here's what others have to say about 'Webservices exploit':
- Se ha descubierto exploit para Webservice Geeklog - Soporte Geeklog Hispano
- Tracked on Saturday, April 11 2009 @ 11:04 AM EDT
[...] el valor de FalseMás información a través de este enlace:http://www.geeklog.net/article.php/webservices-exploit/div> Trackback Trackback URL for this entry: [...] [read more]
- Geeklog 1.5.2sr3 - Geeklog
- Tracked on Monday, April 13 2009 @ 12:00 PM EDT
[...] Monday, April 13 2009 @ 11:55 AM EDT Contributed by: Dirk Views: 2 Geeklog 1.5.2sr3 addresses the recently published exploit for an SQL injection in the webservices. It is available for download as a complete tarball, for fresh installs and [...] [read more]
- Geeklog 1.5.2sr3 released to address possible exploits
- Tracked on Thursday, April 16 2009 @ 09:37 AM EDT
[...] the RSS feed to make sure you don't miss a thing on cmscritic.com!Geeklog 1.5.2sr3 addresses the recently published exploit for an SQL injection in the webservices. It is available for download as a complete tarball, for fresh installs and [...] [read more]
- Geeklog trying to stay on top of SQL injection exploits
- Tracked on Tuesday, April 21 2009 @ 10:02 AM EDT
[...] update, bundling all the changes for 1.5.2sr1 - 1.5.2sr4. Geeklog 1.5.2sr3 addresses the recently published exploit for an SQL injection in the webservices. It is available for download as a complete tarball, for fresh installs and upgrades [...] [read more]
The following comments are owned by whomever posted them. This site is not responsible for what they say.