Topic: Security problems [IMPORTANT]

pianista

Security problems [IMPORTANT]
« on: September 10, 2020, 02:00:28 PM »
Hi,

I've seen this on exploit-db:

https://www.exploit-db.com/exploits/48574
https://www.exploit-db.com/exploits/48567

With this kind of injection, an anonymous user could retrieve data from MySQL (user, passwords...) and, if the server has a bad configuration, it could lead to remote code execution... etc...

Has someone fixed these injections?
Thank you

Regards

ParrotSim

  • Never let others stop you!
Re: Security problems [IMPORTANT]
« Reply #1 on: November 07, 2020, 09:48:10 PM »
Here's a quick solution

First of all, test the files in a development/testing environment, not in production.

The zip contains a new file: "db_access.php". Put the same data you entered in "db_login.php" and that's it.

The reason for this quick fix is that these vulnerabilities allow access to the database via SQL injection, so apply the solution as quickly as possible.

Using an SQL injection attack, the attacker can obtain the user data (including passwords), which would be harmful to users who use the same password on all sites (please NEVER do this).

Finally, if you find another security bug, don't be afraid to report it in the forum.

pianista

Re: Security problems [IMPORTANT]
« Reply #2 on: November 16, 2020, 08:05:21 AM »
Thank you. In the end I didn't use the patch, but I set up modsecurity with fail2ban to avoid this kind of problem...