Web-APP.org Articles : Old News : Critical Security Update - WebAPP Web Automated Perl Portal

About | Contact | Help

Advertisement

View All Advertisements

Topics: Newsletter | FAQ | Announcements | News | Editorials | Perl | Programming | Bugs | Linux | Security | Internet | Viruses | Old News | All

Critical Security Update

Published on Mar 28 2005 at 2:43 GMT. Written by Kat.

Old News

Hello Fellow Webapp Users. As most of you know, that with all scripts and software there is almost always a backdoor in which hackers can work to gain access to your database.
The Team at WebAPP worked quickly and diligently, found and tested the solution.
The current Critical Update consists of 1 small file named subs.pl containing the sub named getcgi.
This file can be applied in 1 of 3 different ways.
First off, make sure you have a backup copy of your now current files before proceeding!!

1.If your user-lib folder currently does not contain a subs.pl just upload the update (subs.pl) to the user-lib folder.
2.If your user-lib folder currently does contain a file named subs.pl due to an add-on such as the menumanager etc, You will need to copy and paste the updated subroutine (sub getcgi) to the subs.pl contained in your user-lib folder.
3.Please Note: The following is recommended only for those experienced in working with text editors and .pl files.
This is done by replacing the subroutine in your main file.
Open a copy of the cgi-lib/subs.pl in a text editor, find the subroutine named sub getcgi carefully remove the current sub getcgi and paste the updated sub getcgi to your main subs.pl save and upload to the cgi-lib folder.

If this proceedure is done correctly your website will function as normal, you won't notice anything new, but the hackers will not be gaining access to certain important files.
Thats It......Your Done and Good Luck with your Website.
The WebAPP Staff

Printer Friendly version - Critical Security Update

Log in to use this feature

(2965 reads)

There are 20 articles in this category. See all articles by Kat or all articles in Old News

Comments on this article:

Critical Security Update | 8 comments | | Sign Up

The comments are owned by the poster. We aren't responsible for its content.
Only registered members may comment on articles.

Nice Job

Written on 03/28/05 at 04:05:29 GMT by Jos

Excellent article Kat. These instructions are very easy to understand. Thank you.
Pure poetry!

Written on 03/28/05 at 04:33:33 GMT by On

Absolut Pure poetry!

By the way for those that have difficulties in remembering urls, or also want to stay updated with future security updates, check out this link often: www.mlapp.org/security
/security

Written on 03/28/05 at 06:59:12 GMT by On

Ok.. not spamming here!
Just want to make this link active:

http://www.mlapp.org/security

On :)
Cool

Written on 03/28/05 at 12:18:56 GMT by Ted Cambron

:)
whatever

Written on 03/30/05 at 20:42:34 GMT by rebarz99

Nice work :P
Thanks rebarz99! :)

Written on 04/19/05 at 09:32:57 GMT by On

Thanks rebarz99!

Asked Jos to give you credits for your help too! lol

Hope you guys have time to run some testing on it or at www.mlapp.org you are most welcome to crash www.mlapp.org :)
Thanks!

Written on 02/13/06 at 06:11:54 GMT by ettruck

<<.If your user-lib folder currently does not contain a subs.pl just upload the update (subs.pl) to the user-lib folder. >>

It didn't. It does now. Thanks for the heads up and for the patch.
Outdated Update

Written on 02/16/06 at 11:04:09 GMT by Admin

This patch is no longer necessary for sites running 0.9.9.2.1 and above . The vulnerability was discovered by others for version 0.9.9.1 but was not revealed to us until after 0.9.9.2 was released. We quickly developed another release at that time so as to include this patch, and the subroutine has been since expanded upon. So uploading this old patch to a new site may actually have the effect of downgrading your site and possibly even reducing your security.

Topics | Articles | Top Reads | Vote for Stories

Main Menu

Support

Translations

Development

News

Log In

Online Now

0 Member(s)
11 Guest(s)
5 Robot(s):
MSN
Yahoo!
MSN
Yandex
MSN
Most ever on: 124
Membership: 2400

Welcome to our newest member: md

Recent Discussions

error on download - Feb 8 2010 at 22:37 GMT by Jos

LOL Smiley Animation - Feb 6 2010 at 1:55 GMT by Amy

Can't get showhtml to work. - Feb 4 2010 at 2:15 GMT by Jos

Border Crossings or HAVE I GOT THIS RIGHT? - Feb 2 2010 at 23:22 GMT by Homer_Simpson

Funny Exit Popup Type Thing - Jan 31 2010 at 19:24 GMT by kikibig

New Traffic Law (not a joke) - Jan 30 2010 at 22:53 GMT by Jos

using html anywhere on the site. - Jan 30 2010 at 15:14 GMT by Jack Deth

Articles & Images - Jan 23 2010 at 19:41 GMT by JoeJ

Where is the Admin page? - Jan 23 2010 at 18:16 GMT by Jos

Profile Picture - Jan 15 2010 at 19:16 GMT by Homer_Simpson

Home Page

Favorites

TO_TOP_ALT

About | Contact | Help | Recommend | Statistics

This site was made with WebAPP - Automated Perl Portal v1.0 Alpha,
a web portal system written in Perl.
WebAPP is free software, and its code is Open Source.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are the responsibility of the Poster.

Template design from "WebAPP Standard" theme (v0.9.9.9, 2008) design by my2cents, as evolved from "WebAPP Standard" (v0.9.6, 2003)