MemHT Portal is a free PHP CMS and blog.
It permits the online creation and management of websites in a few easy steps.
It's completely customizable, expandable and suitable for all needs.
Possible Vulnerability?
slashado
Date: 25/01/2010 19:34
Possible Vulnerability?
#post23333
Site url: http://www.mscriacoes.com.br
MemHT version: 4.0.1
Hosting OS: Linux
PHP and MySQL versions: 5.x
Installed addons/scripts: none
Error/Problem: Users Password

Mem ...
This site has just launched, a friend of mine warned of a possible failure

Edited: 26/01/2010 13:16
Reason: (Edited by mem)
..::MS Criações::.. - Website Creation and Hosting!
..::Memht BRASIL::.. - Brazilian MemHT community!
..:: Projeto M.I.R.C ::.. - Music portal using MemHT!
mem
Date: 26/01/2010 13:15
Re: Possible Vulnerability?
#post23337
Uhm... it isn't very useful because nobody can know which password is changed, since he doesn't have the id table. But thanks, it's a bug that can be fixed.

pages/users/index.php

Find on row ~715

    if ($chkcode==$code_check2) {

and replace it with

    if ($chkcode==$code_check2 && !empty($chkcode)) {
Edited: 26/01/2010 13:24
Follow me on twitter if you want to be updated on the MemHT 5 development.
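
The condition before and after mem's fix, next to a stricter variant, as an added example that is not MemHT's code or part of the original posts. It assumes `$chkcode` is the code submitted in the request and `$code_check2` is the code stored for the account; the function names, the stricter variant and the sample values are constructed for illustration.

```php
<?php
// Added example, not MemHT code. Assumption: $chkcode comes from the request
// and $code_check2 is the code stored for the account (may be empty or NULL).

// Condition as originally found in pages/users/index.php (row ~715).
function check_original($chkcode, $code_check2) {
    return $chkcode == $code_check2;
}

// Condition after mem's fix: an empty submitted code never matches.
function check_fixed($chkcode, $code_check2) {
    return $chkcode == $code_check2 && !empty($chkcode);
}

// Hypothetical stricter variant: both sides must be non-empty strings, and
// hash_equals() (PHP >= 5.6) compares them without type juggling.
function check_strict($chkcode, $code_check2) {
    if (!is_string($chkcode) || !is_string($code_check2)) {
        return false;
    }
    if ($chkcode === '' || $code_check2 === '') {
        return false;
    }
    return hash_equals($code_check2, $chkcode);
}

function verdict($ok) { return $ok ? 'accept' : 'reject'; }

// Constructed cases: label, submitted code, stored code.
$cases = array(
    array('matching code',       'a1b2c3', 'a1b2c3'),
    array('wrong code',          'zzzzzz', 'a1b2c3'),
    array('both empty',          '',       ''),
    array('stored code is NULL', '',       null),
    array('parameter not sent',  null,     ''),
);

foreach ($cases as $c) {
    list($label, $sub, $stored) = $c;
    printf("%-20s original=%s fixed=%s strict=%s\n", $label,
        verdict(check_original($sub, $stored)),
        verdict(check_fixed($sub, $stored)),
        verdict(check_strict($sub, $stored)));
}
```

Only the matching code should be accepted; the original condition also accepts the three empty/NULL cases, which is what the `!empty($chkcode)` check closes.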
slashado
Date: 26/01/2010 14:34
Re: Possible Vulnerability?
#post23338
Thanks Mem

About the Captcha, I'd like to do some testing with reCAPTCHA.
Which files are responsible for the Captcha in MemHT?
mem
Date: 26/01/2010 15:46
Re: Possible Vulnerability?
#post23339
imgCode.php is the image itself, but every page that uses it has to be changed (the captcha control is in pages)
MemHT Portal is a free software released under the GNU/GPL License by Miltenovik Manojlo