07-09-2007, 09:17 AM
beatniak
[Security Fix] For ALL Pligg versions when extra fields enabled

I've found a bug that makes all Pligg versions vulnerable to deformation hacks and site hijacking when the extra fields are enabled.
In other words, all Pligg sites that have extra fields enabled are wide open to hack attacks.

IMPORTANT: PLEASE UPGRADE IMMEDIATELY!!!

Here are the bugfix packages for Pligg 9.6 / 9.5 / 9.1 / 9.0 / 8.2.
Upgrade info: Just overwrite your Pligg install with the included files.

I added the fix for all the official templates, but for fixing your own template:
1) Look in: /templates/<yget or MB>/submit_step_3.tpl
2) Copy the code between "Steef 2k7-07 security fix start" and "Steef 2k7-07 security fix end"
3) Paste in: /templates/<your template>/submit_step_3.tpl

Fix is already added to the SVN, so 9.7 will be safe.

Last edited by beatniak; 07-09-2007 at 11:04 AM. Reason: added security_fix for 8.2 and 9.5
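An added example, not part of the original post or of Pligg's own code: a shell check that reports which templates' submit_step_3.tpl files carry the fix block from steps 1-3 above. It assumes the two marker strings quoted in the post appear literally in patched templates; the function names are hypothetical.

```shell
#!/bin/sh
# Marker strings as quoted in the post (assumed to appear verbatim in patched files).
START='Steef 2k7-07 security fix start'
END='Steef 2k7-07 security fix end'

# check_template FILE
# Prints "patched" (both markers, start before end), "partial" (only one
# marker, or markers out of order: a bad copy/paste), or "missing".
check_template() {
    f=$1
    has_start=no
    has_end=no
    grep -qF "$START" "$f" && has_start=yes
    grep -qF "$END" "$f" && has_end=yes
    if [ "$has_start" = yes ] && [ "$has_end" = yes ]; then
        s=$(grep -nF "$START" "$f" | head -n1 | cut -d: -f1)
        e=$(grep -nF "$END" "$f" | head -n1 | cut -d: -f1)
        if [ "$s" -lt "$e" ]; then echo patched; else echo partial; fi
    elif [ "$has_start" = yes ] || [ "$has_end" = yes ]; then
        echo partial
    else
        echo missing
    fi
}

# audit_templates PLIGG_ROOT
# Prints "<status> <path>" for every template that has a submit_step_3.tpl.
# Returns 1 if any template is not fully patched, 0 otherwise.
audit_templates() {
    root=$1
    rc=0
    for f in "$root"/templates/*/submit_step_3.tpl; do
        [ -f "$f" ] || continue
        status=$(check_template "$f")
        printf '%s %s\n' "$status" "$f"
        [ "$status" = patched ] || rc=1
    done
    return $rc
}

# Run as: sh audit.sh /path/to/pligg
if [ "$#" -gt 0 ]; then audit_templates "$1"; fi
```

Any template reported as "missing" or "partial" still needs the block copied in from one of the official templates.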