
Thread: Security breach

  1. #1
    Join Date
    Mar 2005
    Posts
    7

    Security breach

    Received a mail from someone regarding security issues with the lite version.

    From his mail:

    By adding the cookie_admin_authenticated=1 to the end, it allows you to view the password settings for your site

    Example: www.yourdomain.com/admin/app_setup.php?cookie_admin_authenticated=1

    God!! it shows database password and admin password

    I protected my admin folder with a password, is there any other way to solve this issue??

    Thanks
    Kiran

  2. #2
    Join Date
    Jan 2005
    Posts
    164


    I don't use the lite version, but in 3.2 - If I'm correct, this only works if you are logged in as admin therefore there is no security problem.

  3. #3
    Join Date
    Apr 2003
    Location
    Atlanta GA
    Posts
    3,395


    Quote Originally Posted by webindia

    I protected my admin folder with a password, is there any other way to solve this issue??

    Thanks
    Kiran
    the procedure does in fact work as you described.

    How about deleting app_setup.php?



    .
    esm
    "The older I get, the more I admire competence, just simple competence, in any field from adultery to zoology."

    .

  4. #4
    Join Date
    May 2005
    Posts
    1


    Quote Originally Posted by esm
    the procedure does in fact work as you described.

    How about deleting app_setup.php?

    .
    This is a pretty big security problem. If I delete app_setup.php, the Setup section won't work but I will have to use this for now. Everything else still works even without app_setup.php.

    Why isn't this being addressed? It's now the 4th day since the OP posted the issue.
    Last edited by jiraiya; 05-22-2005 at 07:39 AM.

  5. #5
    Join Date
    Apr 2003
    Location
    Atlanta GA
    Posts
    3,395


    Quote Originally Posted by jiraiya
    It's now the 4th day since the OP posted the issue.
    I assume you meant 34th day. Either that or my math skills have decreased to nothing....!



    Quote Originally Posted by jiraiya
    Why isn't this being addressed?
    I'm not sure that the lite version is supported.

    If it is supported at all, all official support is by emailing support@nicecoder.com,

    see: http://www.nicecoder.com/community/s...2&postcount=19


    Quote Originally Posted by dody
    Our support is limited to installation and template modification. We do not guarantee that PHP code hacking / assistance will get support from us, because many requests for this kind of support require a lot of time. The best solution is to hire our developer to handle your requirement.
    while not specifically mentioned, one would think that bugs would also be addressed.

    Quote Originally Posted by dody
    This forum is intended to become a community for sharing ideas and problem solving. But the official support is by email at support@nicecoder.com, and we always respond to your problem. If you need emergency support please email us so we can help you quickly.
    Hope this helps.


    Quote Originally Posted by jiraiya
    If I delete app_setup.php, the Setup section won't work
    You could try renaming it but that might require other changes as well. Or rename it and then change it back when you need it. It ain't perfect but...



    .
    esm
    "The older I get, the more I admire competence, just simple competence, in any field from adultery to zoology."

    .

  6. #6
    Join Date
    Aug 2002
    Location
    Germany
    Posts
    1,180


    Hello,
    it is supported, but not always here in the forum. You can write to the email or post reports and comments on bugs.nicecoder.com

    Regards
    Frank
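
A log check for the request described in post #1, as an added example that is not part of the original thread or of the product's code: it scans web-server access log lines for the `cookie_admin_authenticated` query parameter and reports whether each request was served, stopped by the folder password, or hit a deleted or renamed script. It assumes Apache-style common/combined log format; the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

PARAM = "cookie_admin_authenticated"  # parameter name quoted in post #1
# Common/Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)

def classify(status, user):
    """Say what the response code implies for a flagged request."""
    if status in (401, 403):
        return "blocked"   # e.g. the folder password from post #1 stopped it
    if status == 404:
        return "missing"   # script deleted or renamed, as suggested in the thread
    if 200 <= status < 300:
        # "-" in the user field means the request carried no HTTP auth user
        return "served-unauthenticated" if user == "-" else "served-authenticated"
    return "other"

def find_hits(lines):
    """Return one record per request whose query string carries PARAM."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        url = urlsplit(m["target"])
        # parse_qs percent-decodes parameter names before the comparison
        if PARAM not in parse_qs(url.query, keep_blank_values=True):
            continue
        hits.append({"ip": m["ip"], "time": m["time"], "path": url.path,
                     "verdict": classify(int(m["status"]), m["user"])})
    return hits

# Constructed sample lines (documentation IP ranges, made-up user name).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jun/2005:10:02:11 +0000] "GET /admin/app_setup.php?cookie_admin_authenticated=1 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jun/2005:10:05:40 +0000] "GET /admin/app_setup.php?cookie_admin_authenticated=1 HTTP/1.1" 401 401',
    '198.51.100.4 - admin_user [01/Jun/2005:10:06:02 +0000] "GET /admin/app_setup.php HTTP/1.1" 200 5120',
    '198.51.100.4 - admin_user [01/Jun/2005:10:07:30 +0000] "GET /admin/app_setup.php?cookie_admin_authenticated=1 HTTP/1.1" 200 5120',
    '192.0.2.9 - - [02/Jun/2005:08:00:00 +0000] "GET /admin/app_setup.php?cookie_admin_authenticated=1 HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

A `served-unauthenticated` verdict is the one to act on: the setup page, with the passwords it displays, was returned to a request that presented no HTTP auth user.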
