Very Important People on a Very Important Planet - SagaPlanet
from XOOPS Project
(2009/1/10 21:50)
|
This site will help you to discover the regions of the world, their history, and their nature through women and men who created it. You'll discover people who fought for projects, ideas: they built cities, universities, and institutions. They are Presidents, directors, artists, inventors ... Their paths may sometimes be subject to controversy, but they managed to build the unimaginable. We have started our Sagaplanet.com trip with New England in the US. One of the pioneers that came and discovered this region was Aymar de Chaste, a Knight Hospitaller, who was coming from France with the intention of discovering the New World. Before coming to America, the Knights Hospitallers had a great influence in the Mediterranean area; they built fortresses like in Marseille or in Malta, under the direction of Jean Parisot de La Valette. They also fought against some armies like the ones of Saladin. This month, I propose that you do the reverse trip and take the direction of the South of France, i ...
|
Vulnerability in Protector of XOOPS 2.3.2b
from XOOPS Project
(2009/1/9 18:30)
|
We've been made aware of a vulnerability of XOOPS 2.3.2b. As we've always communicated to you (e.g. in this article: A Guide to Make your XOOPS Installation even more secure), the best solution is to place your xoops_lib folder outside of webroot path. If you are not allowed to do so, add .htaccess to protect your Protector module. If .htaccess is not allowed or enabled on your server, turn off global_register on your server. If you are not allowed to do any of the above, then the only solution is to remove Protector module from your server and wait for a complete fix of the module. Of course, the best scenario would be to have clean and safe code. Unfortunately, we've missed this security bug, but we're working on the solution and will release it soon.
|
Structural defect of XOOPS-2.3.2 from xoops.org
from PEAK XOOPS
(2009/1/9 13:09)
|
I was shocked just by looking inside of the archive of xoops-2.3.2b. They put XOOPS_TRUST_PATH folder inside htdocs/ !
(They renamed xoops_trust_path into xoops_lib. This fact also shows us they did not understand the meaning of XOOPS_TRUST_PATH)
Moreover, there is no .htaccess under the folder xoops_lib/
I suspect my eyes.
mamba had reported LFI in the file under XOOPS_TRUST_PATH.
This is another evidence they cannot understand the meaning of inside/outside DocumentRoot.
When mamba said "I fixes Protector", I replied "Such a patch is non-sense". This report proves mamba's patch was just non-sense. http://www.milw0rm.com/exploits/7705 You should interpret the report is not an exploit of Protector itself but just XOOPS-2.3.2.
Anyway, phppp and developers of xoops.org should do right now:
Put xoops_lib (XOOPS_TRUST_PATH) outside of htdocs.
Learn the meaning of inside/outside DocumentRoot.
Read how to install Protector V3 again and again!
If you cannot do that or cannot understand what I mean, ...
|
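The XOOPS Project advisory and the PEAK XOOPS post above both turn on the same question: does the trust path resolve to a location inside DocumentRoot, and if so, is there at least a deny rule in front of it? The following PHP check is an added example, not code from XOOPS or Protector; the function names and the sample directory tree are assumptions made for illustration.

```php
<?php
// Added illustration, not XOOPS or Protector code; function names are hypothetical.

// Resolve a directory to its canonical path with a trailing separator, so that
// "/srv/htdocs" is not mistaken for a parent of "/srv/htdocs_lib".
function resolve_dir(string $dir): string
{
    $real = realpath($dir);
    if ($real === false || !is_dir($real)) {
        throw new InvalidArgumentException("not a directory: $dir");
    }
    return rtrim($real, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
}

// True when the directory's .htaccess holds an uncommented deny-all rule
// (Apache 2.2 or 2.4 syntax). It only takes effect if the server honours .htaccess.
function htaccess_denies(string $dir): bool
{
    $file = $dir . '.htaccess';
    return is_file($file) && preg_match(
        '/^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$/im',
        file_get_contents($file)
    ) === 1;
}

function audit_trust_path(string $docRoot, string $trustPath): string
{
    $root  = resolve_dir($docRoot);
    $trust = resolve_dir($trustPath);
    if (strncmp($trust, $root, strlen($root)) !== 0) {
        return 'ok: outside DocumentRoot';
    }
    return htaccess_denies($trust)
        ? 'fallback: inside DocumentRoot, .htaccess denies access'
        : 'exposed: inside DocumentRoot, no deny rule';
}

// Constructed sample tree in the temp directory.
$base = sys_get_temp_dir() . '/trust_path_demo_' . getmypid();
foreach (['htdocs/xoops_lib', 'htdocs_lib'] as $d) {
    mkdir("$base/$d", 0700, true);
}
echo audit_trust_path("$base/htdocs", "$base/htdocs/xoops_lib"), "\n"; // as shipped
file_put_contents("$base/htdocs/xoops_lib/.htaccess", "Deny from all\n");
echo audit_trust_path("$base/htdocs", "$base/htdocs/xoops_lib"), "\n"; // with .htaccess
echo audit_trust_path("$base/htdocs", "$base/htdocs_lib"), "\n";       // moved outside
```

The three calls report the layout the post criticises, the .htaccess fallback from the advisory, and the recommended placement, in that order.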
Great Article in CMSWire about XOOPS
from XOOPS Project
(2009/1/9 5:20)
|
CMSWire has published a great article about XOOPS. I love this quote: With two prestigious recognitions in less than 6 months, XOOPS is flexing its muscle as a powerful, PHP based open source Web CMS. Look for more big things from XOOPS throughout 2009. Who knows, maybe that finalist spot in PacktPub.com’s contest will become a winning spot this year. It's definitely great to see that the press is finally taking notice of XOOPS. Read more here...
|
bublue studio theme
from XOOPS Project
(2009/1/9 0:00)
|
Hi all, I designed this theme with free CSS from csscreme and the Morphogenesis 2 template. This theme has 2 columns. You can download it from here; live demo here. Happy new year!!!
|
Design Contest for XOOPS Giftshop
from XOOPS Project
(2009/1/9 0:00)
|
In order to generate funds to cover the cost of hosting our servers, we have opened a new Cafepress Shop, and we want the community to help us design cool and unique XOOPS images for t-shirts, mugs, caps, etc. We hope to have lots of winners as we need many designs, so open up your favorite graphic editor and bring out the artist in you! The prize for winning will be fame and fortune as people all over the world will wear your design and drink from your scribbles... Of course you'll have to hand over all copyrights for your design to the XOOPS Foundation to be able to participate... There are no deadlines on the 'contest' as we know deadlines are creativity killers, but we would love to see some first designs in January. So work at your own pace, and create the 'WOW' effect with your design :) For more info and the rules, please visit our GiftShop module (developed by Rune Hauge from XOOPS Nordic). And we already have a place for our Winners - click here ... You can b ...
|
Shanghai DeShan Upholster Company
from XOOPS Project
(2009/1/7 21:30)
|
A very nice and attractive Website using News, ExtGallery, and gamaps. Congratulations to the designer, whoever it was! Check it out at: http://www.dszhh.com/
|
Video Tube v1.81 Release Now Available
from XOOPS Project
(2009/1/7 13:10)
|
Video Tube v1.81 is an XOOPS module providing the ability to search, embed and manage videos on your site. Search, preview and auto-fill submission offered for YouTube, DailyMotion, MetaCafe and blip.tv plus a manual submission form for all other video services that offer video embedding. This is a beta release intended to address some of the feature requests we have received. Some of the new features include full language support, html class attribute assignments and module style css, elimination of all hard-coded text moving everything to language files, addition of subcategories, complete rewrite of the category management admin interface, optional category selection display utilizing fieldset form with breadcrumb header, automatic comment reply title assignment using the video title, and changing several of the video table fields to text from varchar eliminating length restriction problems. Be advised this release has only been tested with XOOPS 2.3.1. We will be adding language tr ...
|
Big Umbrella Anti-SQL-Injection(1)
from PEAK XOOPS
(2009/1/7 4:37)
|
There are a lot of XOOPS modules or PHP applications with SQL Injection still.
Protector can protect some patterns of SQL Injections.
It is just some instead of all. That's because Protector cannot distinguish attacks and fair requests just by REQUEST layer. A word of UNION will be posted as UNI-ON. Such modification in REQUEST layer must be non-sense.
Then, Protector should judge them by both REQUEST layer and DB layer.
anti-XSS:
(a) doubtful requests are found
(b) ob_start()
(c) compare requests and outputs
SQL Injection:
(1) doubtful requests are found
(2) override DB layer
(3) compare requests and SQLs
It is not easy to implement (3) because Protector has to parse SQLs.
However, (2) will be the biggest problem for XOOPS.
Because there is no way to override DB layer.
I will suggest DB layer modification can be overridden for all core teams in the next entry.
This idea is based on JM2. (four years ago!)
He is the real hero for XOOPS :worshippy:
|
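The three SQL Injection steps listed in the post above, sketched in PHP as an added example (not Protector's code; the function names, the doubtful-value pattern and the substring comparison are assumptions). It shows why the REQUEST layer alone cannot decide: "union" in a post title is doubtful but ends up inside a string literal, while the same keyword in a numeric parameter ends up in the SQL structure.

```php
<?php
// Added illustration, not Protector or XOOPS code; every name here is hypothetical.
const LITERAL_RE = <<<'RE'
/'(?:[^'\\]|\\.|'')*'|"(?:[^"\\]|\\.|"")*"/s
RE;

// (1) Doubtful request values: they carry SQL syntax, but so does ordinary text.
function doubtful_values(array $request): array
{
    return array_values(array_filter($request, function ($v) {
        return is_string($v) && preg_match('/[\'"]|--|\/\*|\b(union|select)\b/i', $v) === 1;
    }));
}

// (3) True when $value occurs in $sql anywhere except wholly inside the interior
// (quotes excluded) of one string literal.
function reaches_sql_structure(string $sql, string $value): bool
{
    preg_match_all(LITERAL_RE, $sql, $m, PREG_OFFSET_CAPTURE);
    for ($pos = 0; ($pos = strpos($sql, $value, $pos)) !== false; $pos++) {
        $end = $pos + strlen($value);
        $holders = array_filter($m[0], function ($lit) use ($pos, $end) {
            return $pos > $lit[1] && $end < $lit[1] + strlen($lit[0]);
        });
        if (!$holders) {
            return true;
        }
    }
    return false;
}

// (2) The DB layer override: every query passes the comparison before it runs.
function guarded_query(callable $run, array $request): callable
{
    $doubtful = doubtful_values($request);
    return function (string $sql) use ($run, $doubtful) {
        foreach ($doubtful as $value) {
            if (reaches_sql_structure($sql, $value)) {
                throw new RuntimeException('blocked: request value outside a string literal');
            }
        }
        return $run($sql);
    };
}

// Constructed request and queries; $run stands in for the real database driver.
$run = function (string $sql) { return "executed: $sql"; };
$query = guarded_query($run, ['title' => 'Trade union news', 'id' => '7 UNION SELECT 1']);
echo $query("INSERT INTO posts (title) VALUES ('Trade union news')"), "\n";
try { echo $query("SELECT * FROM posts WHERE id=7 UNION SELECT 1"), "\n"; } catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```

A request value that is only a single SQL keyword would collide with the query's own keywords under this substring comparison, which is where the SQL parsing the post calls hard becomes necessary.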