Possible Vulnerability? | Forum | MemHT Portal

MemHT Portal is a Free PHP CMS and Blog

It permit the creation and the management online of websites with few and easy steps.
It's completely customizable, expandable and suitable for all needs.

Download MemHT 4 Stable version

Download MemHT 5 Alpha Test version

Home > Forum > MemHT Portal > Security, Bugs and Fixes > Possible Vulnerability?

Forum

Home > MemHT Portal > Security, Bugs and Fixes > Possible Vulnerability?

Moderators: Moderators

Possible Vulnerability?

Author

Text

slashado
Donator

Posts: 302
Contributes: 329

Gender: _MALE_

Online: No

Version: 4.0.1
Country: Brasil
Languages: Português, Inglês (via Google), e todas as outras (via google)

Date: 25/01/2010 19:34
Possible Vulnerability?

#post23333

Site url: http://www.mscriacoes.com.br
MemHT version: 4.0.1
Hosting OS: Linux
PHP and MySQL versions: 5.x
Installed addons/scripts: none
Error/Problem: Users Password

Mem ...
This site has just launched, a friend of mine warned of a possible failure

*

Edited: 26/01/2010 13:16
Reason: (Edited by mem)

..::MS Criações::.. - Criação e Hospedagem de Websites!
..::Memht BRASIL::.. - Comunidade brasileira do MemHT!
Eager for MemHT 5

mem
MemHT's Dad
Admin & Developer

Posts: 6912
Contributes: 4417

Gender: _MALE_

Online: No

Languages: English, Italiano, Македонски, Српски

Date: 26/01/2010 13:15
Re: Possible Vulnerability?

#post23337

Uhm... isn't much useful because nobody can know which password is changed since he doesn't have the id table. But thanks, it's a bug that can be fixed.

pages/users/index.php

Find on row~715

code

if ($chkcode==$code_check2) {

and replace it with

code

if ($chkcode==$code_check2 && !empty($chkcode)) {

Edited: 26/01/2010 13:24

Follow me on twitter if you want to be updated on the MemHT 5 development.

slashado
Donator

Posts: 302
Contributes: 329

Gender: _MALE_

Online: No

Version: 4.0.1
Country: Brasil
Languages: Português, Inglês (via Google), e todas as outras (via google)

Date: 26/01/2010 14:34 Re: Possible Vulnerability?	#post23338
Thanks Mem About the Captcha, I'd like to do some testing reCAPTCHA. What are the files responsible for the Captcha MemHT? ..::MS Criações::.. - Criação e Hospedagem de Websites! ..::Memht BRASIL::.. - Comunidade brasileira do MemHT! Eager for MemHT 5

mem
MemHT's Dad
Admin & Developer

Posts: 6912
Contributes: 4417

Gender: _MALE_

Online: No

Languages: English, Italiano, Македонски, Српски

Date: 26/01/2010 15:46 Re: Possible Vulnerability?	#post23339
imgCode.php is the image itself, but everypage that uses it ha to be changed (the captcha control is in pages) Follow me on twitter if you want to be updated on the MemHT 5 development.