Siteframe 3: Cross-Site Scripting (XSS) Vulnerability

Siteframe has, unfortunately, been shown to be vulnerable to cross-site scripting attacks. In this case, an attacker from a remote site can use a security hole in Siteframe to access files on the attacked computer.

There is a fix; you need to edit the file web/siteframe.php and change this line (which appears near line 20 at the top of the file):

    if ($LOCAL_PATH == "")

to this:

    if ($LOCAL_PATH != "../")

You also need to add the following lines to web/classes.php immediately following the $PAGE_START= line:

    // security fix
    if ($LOCAL_PATH != "../")
        $LOCAL_PATH = "./";

This ensures that $LOCAL_PATH can only hold one of two valid values: "../" or "./".

Siteframe 3.2.2 contains both these fixes.
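
To confirm that an installation carries both edits described above, the following added example (not part of Siteframe or of the original advisory) scans the text of web/siteframe.php and web/classes.php for the lines quoted here. The function names and the sample file fragments are constructed for illustration; real file contents would be read from disk and passed in.

```python
import re

# Patterns built from the lines quoted in the advisory; whitespace is matched loosely.
OLD_CHECK = re.compile(r'if\s*\(\s*\$LOCAL_PATH\s*==\s*""\s*\)')
NEW_CHECK = re.compile(r'if\s*\(\s*\$LOCAL_PATH\s*!=\s*"\.\./"\s*\)')
RESET = re.compile(r'\$LOCAL_PATH\s*=\s*"\./"\s*;')
PAGE_START = re.compile(r'^\s*\$PAGE_START\s*=', re.M)


def siteframe_php_patched(src: str) -> bool:
    """True if the old empty-string test is gone and the new test is present."""
    return not OLD_CHECK.search(src) and bool(NEW_CHECK.search(src))


def classes_php_patched(src: str) -> bool:
    """True if the guard and the reset to "./" appear after the $PAGE_START= line."""
    start = PAGE_START.search(src)
    if not start:
        return False
    tail = src[start.end():]
    guard = NEW_CHECK.search(tail)
    return bool(guard and RESET.search(tail, guard.end()))


def audit(siteframe_src: str, classes_src: str) -> dict:
    """Report, per file, whether the fix from the advisory is in place."""
    return {
        "web/siteframe.php": siteframe_php_patched(siteframe_src),
        "web/classes.php": classes_php_patched(classes_src),
    }


# Constructed fragments for demonstration only (not real Siteframe source).
UNPATCHED_SITEFRAME = '<?php\nif ($LOCAL_PATH == "")\n    { /* body elided */ }\n'
PATCHED_SITEFRAME = '<?php\nif ($LOCAL_PATH != "../")\n    { /* body elided */ }\n'
UNPATCHED_CLASSES = '<?php\n$PAGE_START = 0; // constructed value\n'
PATCHED_CLASSES = (
    '<?php\n$PAGE_START = 0; // constructed value\n'
    '// security fix\nif ($LOCAL_PATH != "../")\n    $LOCAL_PATH = "./";\n'
)

if __name__ == "__main__":
    print(audit(UNPATCHED_SITEFRAME, UNPATCHED_CLASSES))
    print(audit(PATCHED_SITEFRAME, PATCHED_CLASSES))
```

A result of `False` for either file means that edit is still missing.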