[ic] IC-specific hacking attempt
Jamie Neil
jamie at versado.net
Mon Mar 29 05:11:59 EST 2004
Kevin Walsh wrote:
> Grant [emailgrant123b at yahoo.com] wrote:
>
>>I noticed the following request in my logs and thought I'd mention it to
>>you guys:
>>
>>www.mydomain.com/cgi-bin/mycatalog/__SQLUSER__
>>
>>It's the first hacking attempt I've seen that looks
>>IC-specific. Is there anything I might want to check my system out for?
>>
>
> I can verify the problem on a 5.0 system. I haven't looked at it
> on 5.1 yet, but I suspect that it'll be the same.
>
> Apply the following patch as an emergency fix. The real fix will
> either be the same, or something similar elsewhere.
>
> ----------------------------------------------------------------------
> *** Page.pm 28 Mar 2004 20:29:39 -0000 2.17
> --- Page.pm 28 Mar 2004 20:34:43 -0000
> ***************
> *** 75,80 ****
> --- 75,81 ----
>
> die ::get_locale_message(412, "Missing special page: %s\n", $name)
> unless defined $page;
> + $subject =~ s/_/_/g;
> $page =~ s#\[subject\]#$subject#ig;
> $Vend::PageInit = 0;
> interpolate_html($page, 1);
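
Review bot: In the added line `$subject =~ s/_/_/g;` the replacement is identical to the pattern as it appears here, so the substitution leaves $subject unchanged and a requested name such as `__SQLUSER__` still reaches `interpolate_html($page, 1)` through the `[subject]` substitution on the next line. If the replacement was meant to be an encoded underscore (for example the HTML entity `&#95;`; this is an assumption, since the text as archived does not show it), the line has to be restored to that form before the patch is applied. Escaping only `_` also leaves untouched any other syntax in $subject that interpolate_html acts on, so the lasting fix is better placed where the requested page name is first copied into $subject, with a comment stating why the value is escaped.
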
> ----------------------------------------------------------------------

I'm running a late 4.9.7 CVS version (with various patches from v5.0)
and have confirmed that I do have this problem.

So I applied the suggested patch, checked that
special_pages/missing.html is not using @@MV_PREV_PAGE@@, restarted IC,
but the problem persists :(

I am planning an upgrade to 5.0 in the near future, but I don't really
want to be forced into an upgrade now.

Does this patch rely on code that was fixed/added after 4.9.7?

--
Jamie Neil | <jamie at versado.net> | 0870 7777 454
Versado I.T. Services Ltd. | http://versado.net/ | 0845 450 1254