Security: SQL Injection Vulnerability in Storyteller CMS
Philipp
From: Vienna, Austria
Administrator
Responses to this topic
1 Re: Security: SQL Injection Vulnerability in Storyteller CMS
Philipp
OP
From: Vienna, Austria
Administrator
Just wondered what the base64_encode is for in this?
In line 751? To make the username file system safe, so special characters will not break the filename.
1 Re: Security: SQL Injection Vulnerability in Storyteller CMS
Richard B 8
From: -
Storyteller CMS is the predecessor of Contentteller, which will still be used by some websites.
Shamus from the http://antijasakom.net/forum forum discovered a weakness in Storyteller CMS where an attacker may execute arbitrary SQL statements on the vulnerable system. I was able to pinpoint the vulnerability and have released the patch below.
Unzip the patch and upload the new core.php to your Storyteller main directory. This vulnerability exists only in Storyteller; Contentteller is using a completely different code base.
Just wondered what the base64_encode is for in this?
st182_fix.zip