Not Solved: syndication.php - causing security issues
#1
Hey,

I just did a scan with Acunetix on a friend's website I'm an admin on, as he asked me to, and it appears syndication.php is causing a lot of problems.

I'm not posting the URL, for obvious reasons.

Code execution (Unix):

[Image: 2ngbvqx.png]

Directory traversal (Unix)

[Image: 1ifiit.png]


Can someone please guide me as to what I should do? I can see the solutions there, but I'm not sure what exactly should be done to fix the issue.

There are some lower priority problems, but it's the high risk problems that need to be fixed first.

Thanks.

#2
All user input that needs to be sanitised gets sanitised before it goes into any queries... the only user input here is a list of forums and what type of feed you want...
MyReactions - All Plugins

Can you still feel the butterflies?

Free never tasted like pudding.
#3
So, what's the solution to solve this problem?
#4
You assume this test is even accurate... it says 'Your script should filter metacharacters from user input', but it already intval's the fids that you give before they go into the query...
#5
This user has been denied support.
does this test program show exactly which request it believes to cause a problem?

your screenshots only show a very generic description but no detail or info whatsoever.
#6
(2010-12-27, 11:44 AM)MattRogowski Wrote: You assume this test is even accurate... it says 'Your script should filter metacharacters from user input', but it already intval's the fids that you give before they go into the query...

If I remove syndication.php, will that cause problems in other areas of the site?
#7
Well, you won't be able to view the feeds, but I think you're getting overly worked up about a test that, as frostschutz said, gives no actual information on what it thinks is wrong.
#8
(2010-12-27, 12:32 PM)MattRogowski Wrote: Well, you won't be able to generate the feed URLs, but I think you're getting overly worked up about a test that, as frostschutz said, gives no actual information on what it thinks is wrong.

Removed syndication.php, re-running the scanner.

We didn't need it anyway.
#9
That's Acunetix Web Vulnerability Scanner; none of the information from that program is ever really accurate. You can scan the most secure site and it will find something every time ;)
Try scanning with Nmap next time.
#10
This user has been denied support.
For what it's worth, I read through syndication.php and all input seems to be sanitized properly... so if you can't provide something more concrete, this is a false alarm...
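Posts #4 and #10 above say the forum-id list is run through intval() and the rest of the input is sanitised before any query is built. The following block is an added illustration of what that kind of sanitisation does to a scanner's payloads; it is not MyBB's syndication.php and does not reproduce its code. The parameter shapes (a comma-separated list of forum ids and a feed-type string), the feed-type names and the helper names are assumptions made for this example.

```php
<?php
// Added example, not MyBB's own code: reducing a comma-separated forum-id
// parameter and a feed-type parameter to safe values before they reach a
// query, and showing what intval() does to an injection payload.

// Allowlist the feed type; anything unexpected falls back to the default.
// The two type names are assumptions for this example.
function sanitize_feed_type(string $raw): string
{
    $allowed = ['rss2.0', 'atom1.0'];
    return in_array($raw, $allowed, true) ? $raw : 'rss2.0';
}

// Reduce the raw fid list to positive integers only. intval() keeps the
// leading digits of each piece and discards everything after the first
// non-digit character, so text appended to a number never survives.
function sanitize_fids(string $raw): array
{
    $fids = [];
    foreach (explode(',', $raw) as $piece) {
        $fid = intval(trim($piece));
        if ($fid > 0) {          // 0 means "no leading number": drop it
            $fids[] = $fid;
        }
    }
    return array_values(array_unique($fids));
}

// Build the IN (...) clause from integers only, so no quoting is involved
// and there is nothing a metacharacter could terminate.
function build_forum_clause(array $fids): string
{
    if (empty($fids)) {
        return '';
    }
    return 'fid IN (' . implode(',', $fids) . ')';
}

// Constructed inputs: a benign list plus two payloads of the kind a web
// scanner sends for its SQL injection and directory traversal checks.
$cases = [
    '1,2,3',
    "1,2') UNION SELECT password FROM users--",
    '../../../../etc/passwd',
];
foreach ($cases as $raw) {
    $clause = build_forum_clause(sanitize_fids($raw)) ?: '(no forums)';
    printf("%-45s => %s\n", $raw, $clause);
}
// Feed type: an unknown value is replaced rather than passed through.
printf("type '%s' => %s\n", 'atom1.0', sanitize_feed_type('atom1.0'));
printf("type '%s' => %s\n", "rss2.0'--", sanitize_feed_type("rss2.0'--"));
```

Running this prints `fid IN (1,2,3)` for the benign list, `fid IN (1,2)` for the UNION payload (the trailing text after the `2` is discarded by intval()), and `(no forums)` for the traversal string, which has no leading digits at all. That is the practical meaning of the replies above: once every piece of the list has been reduced to an integer there is no string left for a metacharacter filter to act on, which is why a generic "filter metacharacters" finding gives nothing to fix by itself. The feed-type lines show the other common pattern, an allowlist, which discards rather than escapes anything outside the expected set.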

