Orca Forum Allowing Injection

Please take a look at this post. Short of double posting, just want to reference you over to the post on the Dolphin 7 forum.

Orca Forum Allowing Injection

Regards,

DosDawg

When a GIG is not enough --> Terabyte Dolphin Technical Support - Server Management and Support
Quote · 13 Mar 2010

Also, make sure you've handled all of these: http://www.google.com/#hl=en&source=hp&q=orca+interactive+forum+script+vulnerabilities&aq=f&aqi=&aql=&oq=&fp=f8bc9ba0718e9555

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 13 Mar 2010

Yes please, ALL ~1500 of them. Either that or let's abandon the ORCA forum for a real forum. Make a deal with phpBB or IPB or somebody, because this is not looking very good.

Regards,

DosDawg

Quote · 14 Mar 2010

Looks like most of the problem lies in sites that have their globals turned on. You are right however, for the limited features available in this script, it's not even worth messing with trying to fix it. There are so many other "Proven" scripts out there Dolphin should just adopt one.

http://towtalk.net ... Hosted by Zarconia.net!
Quote · 14 Mar 2010

@skyforum

Looks like most of the problem lies in sites that have their globals turned on. You are right however, for the limited features available in this script, it's not even worth messing with trying to fix it. There are so many other "Proven" scripts out there Dolphin should just adopt one.

There is a secret to register globals being on and off. If a shared hosting provider has them on globally, and you have a custom ini or htaccess, your site is still vulnerable. That is the reason it's recommended that you not use shared hosting, because the generalized server configuration is set up to run a multitude of scripts, some of which require register_globals on or other generic settings.

Yes, Orca is considerably vulnerable, for this reason and many others. Did you look at the post where the fella posted on the Dolphin 7 Forum? Great place to advertise, eh?

Regards,

DosDawg

Quote · 14 Mar 2010

This is not allowing injection.  This is allowing the style elements that make this possible.

My opinions expressed on this site, in no way represent those of Boonex or Boonex employees.
Quote · 14 Mar 2010
 
 