Welcome to Geeklog Monday, April 27 2015 @ 08:31 PM EDT

Webservices exploit

Security
  • Thursday, April 09 2009 @ 03:50 PM EDT
  • Contributed by:
  • Views: 8,817

Well, it's getting a bit embarrassing, but here goes:

Bookoo of the Nine Situations Group posted another SQL injection exploit, this time targeting the webservices API in Geeklog. The problem exists in all 1.5.x releases to date. Fortunately, it can be avoided by disabling the webservices like so: Go to

Configuration > Geeklog > Miscellaneous > Webservices

(that's the last set of options on the "Miscellaneous" page) and set "Disable Webservices?" to "True". We'll release a fix ASAP, but this should secure your site for now.

Trackback

Trackback URL for this entry:
https://www.geeklog.net/trackback.php/webservices-exploit

[...] the value of False. More information via this link: http://www.geeklog.net/article.php/webservices-exploit Trackback Trackback URL for this entry: [...] [read more]

[...] Monday, April 13 2009 @ 11:55 AM EDT Contributed by: Dirk Views: 2 Geeklog 1.5.2sr3 addresses the recently published exploit for an SQL injection in the webservices. It is available for download as a complete tarball, for fresh installs and [...] [read more]

[...] the RSS feed to make sure you don't miss a thing on cmscritic.com! Geeklog 1.5.2sr3 addresses the recently published exploit for an SQL injection in the webservices. It is available for download as a complete tarball, for fresh installs and [...] [read more]

[...] update, bundling all the changes for 1.5.2sr1 - 1.5.2sr4. Geeklog 1.5.2sr3 addresses the recently published exploit for an SQL injection in the webservices. It is available for download as a complete tarball, for fresh installs and upgrades [...] [read more]