July 18th, 2003, 04:10 PM
.php Hole still there
Okay JupMed, you are lucky that someone nice like me found this out first, and that I am willing to cooperate and help you through this. But that will only last so long, security through obscurity is a very, very bad practice. In my first post in this forum, I strongly urged you to contact me so we could work through this, you didn't, in my private message, I strongly urged you to conact me, you didn't. You disabled the [view members] section for a few days, and did whatever, if anything that is, I see no code change, then re-enabled it. The hole capable of DoS'ing this whole site, is still there. The hole can still be easily replicated across this whole site, yes, it still works. It appeared that the hole was patched, but that was a mistake that I admit on my part. Again, I strongly urge you to patch this hole, and get the problem fixed. I do not, and I hope you don't, want to see this site go down indefinitely. If you do not know how to fix this problem, I could assist you if you wish, but it is a problem, it is serious, and it needs attention immediately.
to other members reading this post > > I have already private messaged both intmon / JupMan, and previously posted this. I just hope that this hole does not fall into the wrong hands, and wish action to be taken as soon as possible. I have posted / private messaged them, so that they will notice this problem as soon as possible.
July 19th, 2003, 05:26 AM
Okay, finally this problem is solved.
As for this thread, there is either something wrong on the server side, or I am just inept, I cannot edit or delete it. . .
Can a moderator delete this thread, please and thank you.