It was a *lot* of work/stress that could have been easily avoided. On PGV, two of the 4.x.y releases were caused by this sort of module - we were forced to alter PGV slightly (to break compatibility), and then push out upgrades, so that people who'd unwittingly downloaded it would be secure. I've seen the same, defective, code copied time after time. If it is now secure, then why withdraw it? I shall withdraw the component from the general public. Still, it's quite secure now on my system so, thank you for the security pointers. Sadly, judging by the hostility encountered so far, I don't think that's likely to happen. However, as Joomla and webtrees use different encryption methods, the password field in webtrees would need to be set at varchar 100 instead of 64 for it to work correctly. But that would be harder than attempting to guess the password at the login screen. The only way in now is to guess the correct user password. Well, I've managed to overcome that as well by password matching. Now visit jwtbridge.php and hey-presto! You are logged in as an administrator.

Simply set one cookie, containing the admin user name.

It will either be in the contact links, or one of the CHAN records. Suppose I can "guess" the name of an admin user. However, good point, and I will make the webtrees language identifiers available as an option in the back end.

fisharebest wrote: OK, I've installed the upgrade. It is derived from Joomla's standard language identifiers and is output depending on the language in use. The language one is not hard coded actually. New version available now which addresses that issue.

And there were others written? They must have been well hidden then, as I and many others looked and never found. Firebug lets me resize it to something bigger. Will people ever learn?

fisharebest wrote: OK, after lots of guessing, the following URL seems to work It is showing me webtrees is a very small (300x150) iframe. This is the BLOODY SAME vulnerability that has affected EVERY webtrees-CMS bridge that has ever been written. Now, visit jwtbridge.php and hey-presto! An account with "manager" permissions!

Can I advise everybody to give this application a VERY wide berth. I'm using Firefox's web-developer toolbar, but lots of tools let you do this (not really important, but you've got en-GB hard-coded, which does not exist, so falls back to en_US.) The script picks up its parameters from cookies, so let me set a few. It creates a guest account and logs me in. (I got suspicious when it asked me to make the directory writable!!!) The installer has created a file jwtbridge.php in my webtrees install directory. Trying to do both will make it messy (if you even want user registration that is)

2) If you do use Joomla, and use a decent backup software like Akeeba then also get it to back up your WP database. OK, after lots of guessing, the following URL seems to work It is showing me webtrees is a very small (300x150) iframe. If you have PHP/MySQL experience on the Joomla template you could create a query to the WP database to get article information so you could have "latest news" or something in the side column.

1) Don't try and have users get confused.

So accessing your store would be by going to You will need to manually add links to each site and it will be harder to maintain. Have WP installed on your root, then create a sub folder - something like products or store in which to install Joomla 3.x. They will have to be two separate systems, and you will need to create a template for Joomla to match WordPress. You can't make one CMS run inside the other. I would recommend using Joomla over WordPress, that said it doesn't answer your question.