Quote by jkuperus: Are you disputing this? If so, I'd like to hear your arguments and I'll dismiss each and every one of them with ease and make you look like a fool in the process
None of the alleged SQL injections originally reported by Lorenzo for Geeklog itself were valid. They caused SQL errors, yes, but that's about it.
The password issue was found by someone else and is so far the only known case of a successful exploit based on SQL injections in Geeklog itself. The forum issue only existed on this site as it only affected an unreleased version of the Forum. We have confirmed the Forum XSS (i.e. injection of JavaScript) and Shoutbox issues.
I would be interested to hear what you found that Lorenzo's reported issues such as
http://[TARGET]/index.php?topic=te'st/[SQL INJECTION CODE]
can cause in Geeklog.
Quote by jkuperus: Anyway, it's unlikely that people used this to totally wipe your site.
Exactly.
Quote by jkuperus: but again I would say it's improbable
just to be on the safe side of things you'll probably want to stay clear of insecure products like Geeklog
Before jumping to such conclusions, maybe we should wait until we have more information on the exact circumstances, don't you think?
Quote by jkuperus: and now how do I stop these mail notifies for every new thread, gawd this is annoying
Go to the forum options (from your user functions block) and select "subscriptions".
bye, Dirk