
Straight to 3.0? There's still a SQL injection in 2.3.x =\


Guest Yaroslav


Until you have some info on a specific exploit that needs to be patched, or open a ticket in your client center to have IPS check the logs to see what they did, there's very little anyone can do. SQL injection is a generic term for a type of exploit. If there is indeed such an exploit in the current product, there's no way to know where it is just by saying it's in there somewhere.


That's a private exploit.. how am I supposed to know?!

Also, that's the work of IPS to find it.. that's why we paid them and use their products. :huh:

The way you're supposed to find this out is by having IPS track down what this malicious user did by submitting a ticket. You're not actually in the Customers group, so did you pay them to use their products?

Whatever exploit this user took advantage of was almost certainly not in IPB 2.3.5. If it were, he, or other script kiddie buddies of his, would probably be using it to take down sites like this one or other large sites, not just yours.

What version are you using, YK'47? As Μichael already stated, there are no known security issues with 2.3.5. If you are using an older version then I think it would be time to upgrade to the latest version to prevent these kinds of things from happening again in the future.


Well, as I already said, this isn't enough information to even begin to guess as to what exploit this user took advantage of; the sources directory is where most of the product's source code is located. Since you don't have an active support license, you unfortunately now don't have the luxury of having IPS find what the issue is.

My advice is you renew your support license and submit a ticket to IPS; they will be able to check your raw access logs (if you have them) to find out what he did.

How do I check it?

If I succeed, I'll copy it here.. and you will be able to fix it.
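One way to triage raw access logs for SQL injection attempts, as the advice above suggests (an added example, not part of the original thread and not IPS's own tooling). It assumes the Apache combined log format; the sample log lines, IP addresses and the `id` parameter are constructed for illustration. A payload sent in a POST body leaves no query string in the access log, so this check cannot see it.

```python
import re
from urllib.parse import unquote_plus

# Combined log format: client IP, timestamp, request line, status code.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

# Heuristic indicators: a hit means "look at this request", not proof.
INDICATORS = {
    "union-select": re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S),
    "boolean-tautology": re.compile(r"['\"]\s*(or|and)\s+['\"\d]", re.I),
    "sql-comment": re.compile(r"--\s|#\s*$|/\*.*?\*/", re.S),
    "schema-probe": re.compile(r"\binformation_schema\b", re.I),
    "time-delay": re.compile(r"\b(sleep|benchmark)\s*\(", re.I),
}

def decode_fully(value, max_rounds=3):
    """Undo nested URL encoding, e.g. %2527 -> %27 -> '."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return (ip, timestamp, status, indicator names, decoded query) per hit."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or "?" not in m["target"]:
            continue  # unparsable, or no query string (e.g. POST body only)
        query = decode_fully(m["target"].split("?", 1)[1])
        names = sorted(n for n, rx in INDICATORS.items() if rx.search(query))
        if names:
            hits.append((m["ip"], m["ts"], int(m["status"]), names, query))
    return hits

# Constructed sample lines (documentation IP ranges, hypothetical "id" parameter).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2009:10:01:22 +0000] "GET /forum/index.php?showtopic=42 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2009:10:03:05 +0000] "GET /forum/index.php?id=1%27%20OR%201%3D1--%20 HTTP/1.1" 200 812 "-" "-"',
    '198.51.100.7 - - [01/Jan/2009:10:03:09 +0000] "GET /forum/index.php?id=1%2520UNION%2520SELECT%25201,2 HTTP/1.1" 500 0 "-" "-"',
    '192.0.2.10 - - [01/Jan/2009:10:04:00 +0000] "POST /forum/index.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ts, status, names, query in scan(SAMPLE):
        print(f"{ts} {ip} status={status} {','.join(names)} :: {query}")
```

Hits that coincide with a 500 status or come in bursts from one address are the ones to read first; the patterns are heuristics and will also flag some harmless requests.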

  • Management

There are no known SQL injections in IPB 2.3.5 at this time. We monitor security update sites always looking for new issues to be reported. If you have found an issue, please feel free to email us the information you have and we will be happy to research the issue and release a security update if necessary.


Archived

This topic is now archived and is closed to further replies.
