 |
 |
 |
 |
 |
| Author |
Message |
nam
Joined: 23 Dec 2006
Posts: 98
|
|
 Dangerous security problem, probably a big bug |
 |
By going to the users page, I could view the users of the system in the format shown on this page:
http://english.cutenews.ru/cuteru/example/index.php/users
But I added some plug-ins (Approve Comments, MyGallery, Private Messaging) and also converted my database from TextSQL to MySql.
Today, accidentally I clicked on the Users page and the format was changed completely.
In the Name section, instead of actual name, the encoded password of each user was displayed (exactly from the password field of the users table), and the date of registration was shown in 1969!
I checked it both while logged in and logged out. Soon I deleted the Show_users.php to solve the problem for now, but don't know what is the actual solution.
|
|
| Fri May 16, 2008 7:19 am |
  |
|
Guest
|
| |
|
Please login to hide the ads.
|
|
|
|
|
FI-DD
Admin
Joined: 22 Sep 2005
Posts: 2736
Location: Germany |
|
| |
|
Well, obviously it's caused by one of the plugins. If you tell me what plugin is causing it I might be able to fix it.
|
|
| Wed May 21, 2008 6:30 pm |
|
|
nam
Joined: 23 Dec 2006
Posts: 98
|
|
| |
|
I don't know which one of the 3 plug-ins caused it, because I saw the problem only after activation of all the above 3 plug-ins.
So I have no idea how to check and find which one of it caused the problem. I am new in programming!
|
|
| Wed May 21, 2008 8:50 pm |
|
|
scottdallas
Joined: 04 May 2006
Posts: 1843
Location: US |
|
| |
|
can you disable/enable them one by one and try to deduce which one is causing the undesirable characteristic?
_________________
www.scottdizzle.com uses cnr 
last update: 07-22-08: 8:30 pm |
|
| Thu May 22, 2008 2:27 am |
  |
|
nam
Joined: 23 Dec 2006
Posts: 98
|
|
| |
|
I have a very busy and imprtant site, so don't want to take any risk by doing so.
|
|
| Thu May 22, 2008 2:36 am |
|
|
Ramon
Joined: 12 Oct 2005
Posts: 462
Location: Hoogeveen, NL |
|
| |
|
If youre not willing to check out what's causing it, then we are not able to help you. None of us had this weird behavior and trying to reproduce it is simply to much work knowing you can check it in a few minutes.
_________________
 |
|
| Thu May 22, 2008 4:03 pm |
|
|
nam
Joined: 23 Dec 2006
Posts: 98
|
|
| |
|
I am very sorry,
But it is not the issue of "behavior", but just my responsibality with the web site I am using cn.ru for it. It is not a personal website and belongs to a community organization with hundreds of hits/hour.
SO I am afird, as I am new in programming and web desinging, it may cuase a problem that I may not be able to fix.
I will try to upload a fresh copy on another location and check it out with all the plug-ins.
|
|
| Thu May 22, 2008 6:51 pm |
|
|
scottdallas
Joined: 04 May 2006
Posts: 1843
Location: US |
|
| |
|
I doubt you'll destroy your site. I understand your fears but this isn't even programming, it's just pointing and clicking. I wish I knew the right words to inspire you to at least try. We all feel our sites are important but we all realize the only way to learn or to make our site do what we want to do, we must be willing to take risks. Well, I hope you get it figured out
_________________
www.scottdizzle.com uses cnr
last update: 07-22-08: 8:30 pm |
|
| Sun May 25, 2008 5:07 pm |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
|
 |
 |
|
