Author Topic: Security update  (Read 12993 times)

Fred Stuurman

  • Forum administrator
  • Hero
Security update
« on: 2 July 2008, 11:12:18 »
I have just released SyndeoCMS 2.6.02; it contains a security update for the exploit
reported in http://www.milw0rm.com/exploits/5779

full version: http://downloads.sourceforge.net/syndeocms/Syndeocms-2.6.02.zip?use_mirror=osdn

SyndeoCMS 2.6.01 users can just download the upgrade which contains the changed scripts.

see: http://downloads.sourceforge.net/syndeocms/Syndeocms-2.6.02_upgrade.zip?use_mirror=osdn
« Last Edit: 7 July 2009, 08:28:13 by Fred Stuurman »
With kind regards, Fred Stuurman
Main developer Syndeo CMS

stefan

  • Newcomer
Re: Security update
« Reply #1 on: 5 July 2008, 10:08:05 »
Fred, after the update the version is 2.6.00.


Fred Stuurman

  • Forum administrator
  • Hero
Re: Security update
« Reply #2 on: 5 July 2008, 11:00:48 »
Stefan,
Thanks, I will fix it after my holidays (3 weeks).
With kind regards, Fred Stuurman
Main developer Syndeo CMS

Fred Stuurman

  • Forum administrator
  • Hero
Re: Security update
« Reply #3 on: 27 July 2008, 11:48:22 »
I have added a new version.php in the upgrade zip with 2.6.02 in it.
With kind regards, Fred Stuurman
Main developer Syndeo CMS

Re: Security update
« Reply #4 on: 28 July 2008, 06:17:29 »
Hi Fred,

Am I correct that the update zip you added at first contained an index.php and a version.php file in the root? I miss them in the update zip with the new version.php file.
Kind regards,

Jeffrey Toet
webmaster Simon Carmiggeltschool Delft, The Netherlands
http://www.simoncarmiggeltschool.nl

Fred Stuurman

  • Forum administrator
  • Hero
Re: Security update
« Reply #5 on: 28 July 2008, 06:20:59 »
Jeffrey,
No, the previous one did not have an index.php and the version.php was missing.
With kind regards, Fred Stuurman
Main developer Syndeo CMS

Fred Stuurman

  • Forum administrator
  • Hero
Re: Security update
« Reply #6 on: 24 September 2008, 11:13:14 »
Arjen,
The exploit
Quote:
    the SQL injection bug in /starnet/addons/slideshow_full.php (http://www.milw0rm.com/exploits/4832)
has been taken care of, see lines 44-48:
Code:
    if (IsSet ($_GET['album_name']))
    {
        $album_name = addslashes($_GET['album_name']);            // escape quotes and backslashes before the value is used in SQL
        $album_name = htmlspecialchars(strip_tags($album_name));  // remove html tags and encode the remaining special characters
    }
You need this exploit to get the session code to get the other exploit working.
I will add an extra check in browser.php (2.7) to be on the safe side.
« Last Edit: 26 September 2008, 14:34:24 by Fred Stuurman »
With kind regards, Fred Stuurman
Main developer Syndeo CMS
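As an added illustration (not code from SyndeoCMS or from the post above), the same $_GET['album_name'] value handled two ways in PHP: the escape-and-strip wrapper the post describes, and a prepared statement that binds the value as data so it is never parsed as part of the SQL text. The albums table, its columns and the sample rows are assumptions made up for the demonstration; the point is that the escaping approach also alters legitimate input (an apostrophe in a name) while binding preserves it.

```php
<?php
// Added example, not SyndeoCMS code. Schema and data are constructed for the demo.

// 1. The approach from the post: escape and strip the value before use.
function sanitize_album_name(string $raw): string
{
    $name = addslashes($raw);                    // backslash-escape ' " \ and NUL
    return htmlspecialchars(strip_tags($name));  // drop tags, encode < > & " (and ' on PHP >= 8.1)
}

// 2. Parameterised lookup: the driver quotes the bound value, the query text is fixed.
function find_album(PDO $db, string $raw): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM albums WHERE name = :name'); // assumed schema
    $stmt->execute([':name' => $raw]);           // $raw is bound as data, not spliced into SQL
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demo against an in-memory SQLite database with constructed rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE albums (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO albums (name) VALUES ('holiday'), ('o''brien')");

$input = "o'brien";                              // legitimate album name containing an apostrophe

// Escaping changes the value: the stored name "o'brien" can no longer be matched literally.
echo sanitize_album_name($input), PHP_EOL;       // o\'brien (apostrophe possibly HTML-encoded)

// Binding leaves the value intact and still cannot change the query structure.
$row = find_album($db, $input);
echo $row === null ? 'not found' : "found id {$row['id']}: {$row['name']}", PHP_EOL;
```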