Discussion in "Map Me Support" started by    VR6Pete    May 6, 2011.
Fri May 06 2011, 08:48 pm
#1
Hello,

e107 Security has identified a vulnerability with MapMe 1.3!

unsure of the exact issue, but it seems that the plugin has allowed thumbs.php to be uploaded to e107_files.

Coulkd you please take a look and release an updated version to resolve this problem?

Thanks.

Pete

Sat May 07 2011, 12:35 am
#2
Hi, I have no idea about such vulnerability in the plugin. as i am not dealing in anycase with thumbs.php I am really unsure how this is possible. I would really appreciate if you can help me out if such thing is true. Please PM me whatever inputs you can provide.

I am not getting enough time to work on plugins these days. Can you help me in this regard?

Thanks,
Ajay
Mon May 23 2011, 01:53 am
#3
I've put extra lOgging on my website so I can see which file and what is being used to exploit your code... There's various topics on e107.org and it was noticed that mapme 1.3 was a known vulnerable plugin...

Thumbs.PHP is uploaded as part of the hack and is a result of the exploit, it also modifies e107.Js that then serves up viruses to users... Not good...

I'd suggest you review your code, and in the mean time I'll see what logs I can get

Cheers

Pete
Tue May 24 2011, 02:39 pm
#4
If there is a work around please let me know via PM.
Wed May 25 2011, 01:14 am
#5
I have details of the exploit ive found on a russian website, i'll PM the details so you can fix it...

Cheers

Pete
Wed May 25 2011, 06:17 pm
#6
Please provide me links (e107 forum) where you made a post about this fix.
Wed May 25 2011, 06:45 pm
#7
Here you go.

http://e107.org/e107_forum-t220072.html
Wed May 25 2011, 06:47 pm
#8
Wed May 25 2011, 06:47 pm
#9
your forum keeps on messing up the URL

http://e107.org/e107_forum-t220072.html
Thu May 26 2011, 07:51 pm
#10
FURL is taking care of all URLs
anyways thank you for your help. I am working on an update version. I saw on that thread people are facing problem with it, but no1 is providing actual input to me so as to know what exactly is going wrong with them.

If you are facing any problem please do post that.

Get Social

Information

Powered by e107 Forum System

Downloads

Comments

Michailqfh
Fri Mar 29 2024, 01:53 am
Bobbyerilar
Thu Mar 28 2024, 08:08 am
pb58
Thu Mar 28 2024, 05:54 am
Clarazkafup
Thu Mar 28 2024, 02:24 am
Walterkic
Thu Mar 28 2024, 01:19 am
Davidusawn
Wed Mar 27 2024, 08:30 pm
Richardsop
Tue Mar 26 2024, 10:33 pm
Stevencog
Tue Mar 26 2024, 04:26 pm