Discussion in "Map Me Support" started by    VR6Pete    May 6, 2011.
Fri May 06 2011, 08:48 pm
#1
Hello,

e107 Security has identified a vulnerability with MapMe 1.3!

unsure of the exact issue, but it seems that the plugin has allowed thumbs.php to be uploaded to e107_files.

Coulkd you please take a look and release an updated version to resolve this problem?

Thanks.

Pete

Sat May 07 2011, 12:35 am
#2
Hi, I have no idea about such vulnerability in the plugin. as i am not dealing in anycase with thumbs.php I am really unsure how this is possible. I would really appreciate if you can help me out if such thing is true. Please PM me whatever inputs you can provide.

I am not getting enough time to work on plugins these days. Can you help me in this regard?

Thanks,
Ajay
Mon May 23 2011, 01:53 am
#3
I've put extra lOgging on my website so I can see which file and what is being used to exploit your code... There's various topics on e107.org and it was noticed that mapme 1.3 was a known vulnerable plugin...

Thumbs.PHP is uploaded as part of the hack and is a result of the exploit, it also modifies e107.Js that then serves up viruses to users... Not good...

I'd suggest you review your code, and in the mean time I'll see what logs I can get

Cheers

Pete
Tue May 24 2011, 02:39 pm
#4
If there is a work around please let me know via PM.
Wed May 25 2011, 01:14 am
#5
I have details of the exploit ive found on a russian website, i'll PM the details so you can fix it...

Cheers

Pete
Wed May 25 2011, 06:17 pm
#6
Please provide me links (e107 forum) where you made a post about this fix.
Wed May 25 2011, 06:45 pm
#7
Here you go.

http://e107.org/e107_forum-t220072.html
Wed May 25 2011, 06:47 pm
#8
Wed May 25 2011, 06:47 pm
#9
your forum keeps on messing up the URL

http://e107.org/e107_forum-t220072.html
Thu May 26 2011, 07:51 pm
#10
FURL is taking care of all URLs
anyways thank you for your help. I am working on an update version. I saw on that thread people are facing problem with it, but no1 is providing actual input to me so as to know what exactly is going wrong with them.

If you are facing any problem please do post that.

Get Social

Information

Powered by e107 Forum System

Downloads

Comments

EdwardFew
Mon Mar 18 2024, 01:14 pm
EmeryPah
Mon Mar 18 2024, 11:51 am
RobertMax
Sun Mar 17 2024, 10:22 pm
DanielJar
Fri Mar 15 2024, 06:52 pm
Tuzaimecor
Fri Mar 15 2024, 02:32 am
PromotionFoode
Thu Mar 14 2024, 08:11 pm
EdwardGeawn
Sun Mar 10 2024, 12:24 pm
ZacharyShado
Sat Mar 09 2024, 10:04 am