Discussion in "Map Me Support" started by    VR6Pete    May 6, 2011.
Fri May 06 2011, 03:18 PM
#1
Hello,

e107 Security has identified a vulnerability with MapMe 1.3!

unsure of the exact issue, but it seems that the plugin has allowed thumbs.php to be uploaded to e107_files.

Coulkd you please take a look and release an updated version to resolve this problem?

Thanks.

Pete

Fri May 06 2011, 07:05 PM
#2
Hi, I have no idea about such vulnerability in the plugin. as i am not dealing in anycase with thumbs.php I am really unsure how this is possible. I would really appreciate if you can help me out if such thing is true. Please PM me whatever inputs you can provide.

I am not getting enough time to work on plugins these days. Can you help me in this regard?

Thanks,
Ajay
Sun May 22 2011, 08:23 PM
#3
I've put extra lOgging on my website so I can see which file and what is being used to exploit your code... There's various topics on e107.org and it was noticed that mapme 1.3 was a known vulnerable plugin...

Thumbs.PHP is uploaded as part of the hack and is a result of the exploit, it also modifies e107.Js that then serves up viruses to users... Not good...

I'd suggest you review your code, and in the mean time I'll see what logs I can get

Cheers

Pete
Tue May 24 2011, 09:09 AM
#4
If there is a work around please let me know via PM.
Tue May 24 2011, 07:44 PM
#5
I have details of the exploit ive found on a russian website, i'll PM the details so you can fix it...

Cheers

Pete
Wed May 25 2011, 12:47 PM
#6
Please provide me links (e107 forum) where you made a post about this fix.
Wed May 25 2011, 01:15 PM
#7
Here you go.

http://e107.org/e107_forum-t220072.html
Wed May 25 2011, 01:17 PM
#8
Wed May 25 2011, 01:17 PM
#9
your forum keeps on messing up the URL

http://e107.org/e107_forum-t220072.html
Thu May 26 2011, 02:21 PM
#10
FURL is taking care of all URLs
anyways thank you for your help. I am working on an update version. I saw on that thread people are facing problem with it, but no1 is providing actual input to me so as to know what exactly is going wrong with them.

If you are facing any problem please do post that.

Get Social

Information

Powered by e107 Forum System

Conversation

Thu Jun 11 2020, 06:27 AM
anudee
sir could please send the code for I2C and wifi interfacing with 8051
scena
Tue May 19 2020, 10:29 PM
Does anyone have microcontroller programming software for STC15F104W (core 8051, 4 k, 128 byte, 6 I/O pin, UART ... DIL8), that works?
Sat May 02 2020, 07:38 PM
Tamu Gurung
Hi I am looking for a assembly language program for a digital decimal counter. Time counts max limit of 2 mins starting from 2.00 mins and ending at 0.00. time is to be displayed on 4 7-segment LED displays. Edsim51 simulator to be used. Thanks
Wed Mar 25 2020, 01:39 PM
Tajammul
Sir kindly send the code file i2c for 8051
ExperimenterUK
Fri Mar 13 2020, 10:36 PM
@ Rohitnani,ABEBE..which project ?
Fri Mar 13 2020, 12:55 PM
ABEBE
how can get hadwere of this project
Rohitnani
Sat Mar 07 2020, 05:11 PM
Sir, Could you please send me the zip file input password....
Wed Feb 26 2020, 04:58 PM
Peter Parker
Is it possible to send multiple messages using only 1 GSM module?
Sat Feb 01 2020, 10:12 AM
Pearl Olin
Hello,
Wed Jan 22 2020, 06:16 PM
MINU CHAUDHARY
I m getting errors while simulation process during interfacing socket output and lcd... Can i get the report of ur project which is same as us.

Downloads

Comments

Mirza123
Thu Jun 25 2020, 03:46 PM
eunicelove124
Mon Jun 22 2020, 03:03 PM
cerouno
Tue Jun 16 2020, 05:10 PM
Marce
Sat Jun 13 2020, 09:43 PM
Davidthils
Thu May 21 2020, 12:44 PM
Jakeror
Thu May 21 2020, 01:28 AM
motorCar
Wed May 20 2020, 07:05 PM
Vordrync
Wed May 20 2020, 11:52 AM

Online

Guests: 90, Members: 0 ...

most ever online: 182184
(Members: , Guests: 182184) on 06 Aug 2010: 05:37 AM

Members: 38215
Newest member: Mirza123