Hi all.
Today I've discovered that the MO mod could be potentially used to BRUTE FORCE passwords... :roll:
So I've applied a little patch to MO.
The same problem is in CHATBOX which is not part of XS, but since many of you may be interested in this mod... I'll attach here a working version for XS which has being secured against brute force attack. Remember that since this mod is not part of XS, we won't support it... :wink:
058-010 - FIXED - Security Issue In MO Folder
Subject: Respuesta: 058-010 - FIXED - Security Issue In MO Folder
Hello MG OK patches for XS Thanks :nurse:
Subject: Re: 058-010 - FIXED - Security Issue In MO Folder
I've upgraded the chatbox and installed on this site... :wink:
Enjoy it!
:lol_flag:
Enjoy it!
:lol_flag:
Subject: Re: 058-010 - FIXED - Security Issue In MO Folder
hi
new chatbox must be installed with all the standard mod install (edit of file, etc)......or simply replace the files ?????
new chatbox must be installed with all the standard mod install (edit of file, etc)......or simply replace the files ?????
Subject: Re: 058-010 - FIXED - Security Issue In MO Folder
if you have a chatbox installed
just replace the files
just replace the files
Subject: Re: 058-010 - FIXED - Security Issue In MO Folder
Isn't already installed in stansard installation of xs?????
I didn't install anything .........only xs....
I saw there's a block in block manager.......
I didn't install anything .........only xs....
I saw there's a block in block manager.......
Subject: Re: 058-010 - FIXED - Security Issue In MO Folder
I'm following instruction typed inside ChatBox Mod Install.txt file.
Ok for DB update using chatbox_db_install.php
OK upload files chatbox_login, chatbox_front and directory chatbox_mod into the root.
But I can't edit the file index.php following the instruction because I have not found parts of codes in index.php.
For example :
I can't find these code lines ...
and so with the other code changing ...
Any suggest ?
Ok for DB update using chatbox_db_install.php
OK upload files chatbox_login, chatbox_front and directory chatbox_mod into the root.
But I can't edit the file index.php following the instruction because I have not found parts of codes in index.php.
For example :
- #
- #-----[ FIND ]---------------------------------------------
- #
- $template->assign_vars(array(
- 'TOTAL_POSTS' => sprintf($l_total_post_s, $total_posts),
- 'TOTAL_USERS' => sprintf($l_total_user_s, $total_users),
- 'NEWEST_USER' => sprintf($lang['Newest_user'], '<a href="' . append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$newest_uid") . '">', $newest_user, '</a>'),
I can't find these code lines ...
and so with the other code changing ...
Any suggest ?
Subject: Re: 058-010 - FIXED - Security Issue In MO Folder
Those instructions are for subSilver... you can avoid templates modifications, since are not really needed for Chatbox to work.
Just add a link to the chat and that's it.
Just add a link to the chat and that's it.
Subject: Re: 058-010 - FIXED - Security Issue In MO Folder
Ok, the following are my operations for the installing ...
1. DB update using chatbox_db_install.php
2. Upload files chatbox_login, chatbox_front and directory chatbox_mod into the root.
3. Link to ./chatbox_mod/chatbox.php
My problems :
a. I can enter into the chat only if I'm logged before the link (from the portal page) but I have the chat page without the content, the bottom and the command line where I can type messages.
b. otherwise if I go to the link ./chatbox_mod/chatbox.php and I'm not logged, the chatbox ask me the username and password on a new page with on the bottom the following error message :
... and it doesn't work because if I type my username and password, it reply with a blank page and the following text :
1. DB update using chatbox_db_install.php
2. Upload files chatbox_login, chatbox_front and directory chatbox_mod into the root.
3. Link to ./chatbox_mod/chatbox.php
My problems :
a. I can enter into the chat only if I'm logged before the link (from the portal page) but I have the chat page without the content, the bottom and the command line where I can type messages.
b. otherwise if I go to the link ./chatbox_mod/chatbox.php and I'm not logged, the chatbox ask me the username and password on a new page with on the bottom the following error message :
Quote:
... and it doesn't work because if I type my username and password, it reply with a blank page and the following text :
Quote:
Subject: Re: 058-010 - FIXED - Security Issue In MO Folder
I don't use the chatbox_login.php page...
Just add this link only for logged in users:
And remember that I won't support this mod... I've just fixed a couple of securities in it... and I wanted to share it with users which may have this on their site! :wink:
Just add this link only for logged in users:
- <!-- BEGIN switch_user_logged_in -->
- <tr>
- <td align="left" width="8">{IMG_ARROW_RIGHT}</td>
- <td class="genmed" align="left"><a href="javascript:void(0);" onClick="window.open('chatbox_mod/chatbox.php','_chatbox','resizable=yes,scrollbars=yes,width=600,height=460')">Chat</a></td>
- </tr>
- <!-- END switch_user_logged_in -->
And remember that I won't support this mod... I've just fixed a couple of securities in it... and I wanted to share it with users which may have this on their site! :wink:
Page 1 of 1
You cannot post new topicsYou cannot reply to topics
You cannot edit your posts
You cannot delete your posts
You cannot vote in polls
You cannot attach files
You can download files
You cannot post calendar events
This is a "Lo-Fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Powered by Icy Phoenix based on phpBB
Generation Time: 0.1754s (PHP: 20% SQL: 80%)
SQL queries: 16 - Debug Off - GZIP Enabled