Welcome to Geeklog Wednesday, April 01 2015 @ 01:46 AM EDT
This story is mainly intended for those running a Geeklog site in a language other than English ...
In an attempt to get rid of the last pieces of hard-coded English text in Geeklog, I've spent most of last weekend working my way through the code, following long lists provided by Lolo Fernandez and Serhiy Kuzhanov (Thanks!), but also moving bits and pieces I found along the way (and fixing some minor bugs as well). So what we have now (in CVS, that is) is a version of Geeklog that localises properly when you switch the language file.
Which brings up a crucial point: We are in desperate need of updated language files!
For those who may not realize it, there are several Admin accounts that have default passwords (StoryAdmin, etc), and only the main "Admin" account is checked in the getBent() PHP block. By default, all *Admin accounts have the "password" password, and an intelligent person could figure that out, and exploit your system.
If you would like to see if you are vulnerable to this sort of attack, run this query in MySQL, or add it to getBent() like I did:
select count(*) as count from gl_users where username like '%Admin' and passwd=md5('password')
That will tell you if any of your *Admin accounts are vulnerable. Notice the slight differences from the query in getBent():
select count(*) as count from users where username='Admin' and passwd='" . md5('password') . "'
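The difference between the two checks, as an added example that is not part of the original story or of Geeklog's code: it runs the exact-match check and the '%Admin' check against a constructed gl_users table and also lists the affected account names. It assumes an in-memory SQLite database standing in for MySQL (with md5() registered by hand), uses the gl_users table name for both queries, and SampleAdmin is a hypothetical account name.

```python
import hashlib
import sqlite3

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def build_sample_db():
    """Constructed gl_users table: only the main Admin password was changed."""
    conn = sqlite3.connect(":memory:")
    # SQLite has no md5(); register one so the story's query runs unchanged.
    conn.create_function("md5", 1, md5_hex)
    conn.execute("CREATE TABLE gl_users (username TEXT, passwd TEXT)")
    rows = [
        ("Admin", md5_hex("constructed-changed-password")),
        ("StoryAdmin", md5_hex("password")),
        ("SampleAdmin", md5_hex("password")),  # hypothetical account name
        ("alice", md5_hex("constructed-user-password")),
    ]
    conn.executemany("INSERT INTO gl_users VALUES (?, ?)", rows)
    return conn

# Narrow check, as in getBent(): only the account named exactly 'Admin'.
NARROW = ("select count(*) as count from gl_users "
          "where username='Admin' and passwd=md5('password')")
# Broad check from the story: every account whose name ends in 'Admin'.
BROAD = ("select count(*) as count from gl_users "
         "where username like '%Admin' and passwd=md5('password')")
# Same filter, returning the names so you know which passwords to change.
BROAD_NAMES = ("select username from gl_users "
               "where username like '%Admin' and passwd=md5('password') "
               "order by username")

def audit(conn):
    """Return (narrow count, broad count, names still on the default)."""
    narrow = conn.execute(NARROW).fetchone()[0]
    broad = conn.execute(BROAD).fetchone()[0]
    names = [row[0] for row in conn.execute(BROAD_NAMES)]
    return narrow, broad, names

if __name__ == "__main__":
    narrow, broad, names = audit(build_sample_db())
    print("getBent()-style check:", narrow)
    print("*Admin check:", broad)
    print("change these passwords:", ", ".join(names))
```

On the constructed data the exact-match check reports nothing even though two accounts still carry the default password.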