Security Vulnerability

[paragonmatrix]

ya this is bad news, but thankfully anyone who seriously runs a site should receive the email.

btw the upgrade worked fine for me, version 9.1

thx for letting us know

[mStudios]

Quote:

Originally Posted by AshDigg

For 8.2 follow the same instructions but use these files.

Had the same problem, loading upgrade.php (I am also under a modified version 8 of pligg) I only got a white window - I'm on a Mac. In the past, white php files showed some cross-platform problems, like different line endings or smart quotes or something, but I went through all what I know and it still returned just a white page.

At this point I am not sure if it upgraded all the same, because I replaced my original login.php file with the new one and I could log in.

I guess this means that the patch worked even if I only saw a white upgrade.php ??

Thanks.

---marlyse

[treelovinhippie]

Do we delete the upgrade_login.php file as well if all worked?

[wwwSENSERELYcom]

yes you can delete the file. but look into the file and see what it is doing to your database, and then check in your database to see if it has been done, so you'll know.

I am not a hacker so I don't know exactly what was a problem in the reset password way of doing things, but if it was there for many versions and nobody reported being hacked then it means hackers don't care YET about webmasters using pligg :-)

[treelovinhippie]

Ah k, I think it's just altering the "last_reset_code" row.

Mine now says:

last_reset_code varchar(255) latin1_swedish_ci Yes NULL

[Maroc]

Hello Pligg,
thanks for the tip!!

[eon]

Thank you for the update.

[blackpr]

I was hacked yeserday!

[mikeone]

worked fine to me with version 9.0
thx guys

[not2serious]

Upgraded 9.5 successfully.

Thank You.