Messages posted by: Carbonize
The password is saved in your SQL database. It is in the auth table and is encrypted.

has to be the very first thing on the page.
Have you edited the script in any way?
Now the big test, can you actually log in?

As I said above it should work fine but I don't think it will work if the password contains quotes or certain other characters. But then who makes a password with quotes in it?
Oh and yes, the fix is as I posted in the first post.
I'd say that yes they are now vulnerable. I uploaded the 2.2 sessions.class.php file to my 2.3.1 installation while testing this fix and I was vulnerable to it. Best fix for the login loop appears to be www.carbonize.co.uk/install.zip. I just need to weed out the syntax bugs in it.
If you have access to the server then best you do it. It's a simple enough modification. Only problem I can see is if the real password actually contains quotes or certain other symbols.
Another bump as I want someone with a live 2.2 installation to test it. Or am I going to end up emailing a site with a hacked guestbook with the fix?
I assume you are talking about the advanced guestbook. There is an image verification script available to stop the automated signing of the guestbook. You can get it from www.carbonize.co.uk/verification.zip
Let me know because it is annoying.
BBcode does not work in the comments, neither do smileys. The comments are not passed to the same routine as the actual message and so they do not get converted.
Stupid question but did you turn BBcode (AGcode) on in the settings?
If you can access your SQL database you can restore the guestbook to the default username of test and password of 123.
Actually having reread your post I am worried. unlink(index.html) says to me that the script was trying to unlink (delete) the index.php file of the guestbook. I may be wrong though.
You need to change the permissions on both the public and tmp folders in the guestbook folder. You need to CHMOD them both to 777. If you do not know how to do this then read your FTP client's help files.