[joomla] 1.0.4 ships, closes CRITICAL REMOTE EXPLOIT
kirill at hostnetservices.com
Mon Nov 21 13:52:04 EST 2005
I download from a neighbor - my ISP is having issues.
Is this the same issue?
http://isc.sans.org/diary.php?storyid=870
And is this a valid manual patch:
$protects = array('_REQUEST', '_GET', '_POST', '_COOKIE', '_FILES',
                  '_SERVER', '_ENV', 'GLOBALS', '_SESSION');
foreach ($protects as $protect) {
    if ( in_array($protect , array_keys($_REQUEST)) ||
         in_array($protect , array_keys($_GET)) ||
         in_array($protect , array_keys($_POST)) ||
         in_array($protect , array_keys($_COOKIE)) ||
         in_array($protect , array_keys($_FILES))) {
        die("Invalid Request.");
    }
}
Thanks,
Kirill
Mitch Pirtle <mitch.pirtle at gmail.com>
11/21/2005 01:42 PM
Please respond to: "NYPHP SIG: Joomla" <joomla at lists.nyphp.org>
To: "NYPHP SIG: Joomla" <joomla at lists.nyphp.org>
cc:
Subject: Re: [joomla] 1.0.4 ships, closes CRITICAL REMOTE EXPLOIT
On 11/21/05, kirill at hostnetservices.com <kirill at hostnetservices.com> wrote:
>
> When I try to download a patch, it goes half way fast and then it stops.
> I do not have issues downloading from other sites. This is with IE and
> Firefox.
Please tell me which patch you are trying to download, and I can test/fix.
-- Mitch