
Webservices exploit

  • Thursday, April 09 2009 @ 03:50 pm EDT
Security

Well, it's getting a bit embarrassing, but here goes:

Bookoo of the Nine Situations Group posted another SQL injection exploit, this time targeting the webservices API in Geeklog. The problem exists in all 1.5.x releases to date. Fortunately, it can be avoided by disabling the webservices like so: go to

Configuration > Geeklog > Miscellaneous > Webservices

(that's the last set of options on the "Miscellaneous" page) and set "Disable Webservices?" to "True". We'll release a fix ASAP, but this should secure your site for now.