eSyndiCat - Multiple SQL Injection's

SEOdir.net Banned

Messages:: 2,549

Likes Received:: 105

Best Answers:: 0

Trophy Points:: 173

#1

Hello,
there is a exploit that can easy steal admin md5 coded password.
I tested it on some directories and most of them are susceptible to this exploit.

Just to inform you guys.

This exploit has been released in public on 14 July.

Please do not PM me about the url of exploit or other info, just check http://www.esyndicat.com and download the newest version or ask for support.

SEOdir.net, Jul 16, 2007 IP

jetbrains and The Pheonix like this.

britishguy Prominent Member

Messages:: 7,949

Likes Received:: 892

Best Answers:: 0

Trophy Points:: 360

#2

Good information for all the script users
Thanks for posting

britishguy, Jul 16, 2007 IP

jetbrains likes this.

an0n Prominent Member

Messages:: 5,688

Likes Received:: 915

Best Answers:: 0

Trophy Points:: 360

#3

Just do your best to work with esyndicat to help them resolve the issue.

an0n, Jul 16, 2007 IP

YMC Well-Known Member

Messages:: 2,787

Likes Received:: 404

Best Answers:: 4

Trophy Points:: 190

#4

Which version(s) are involved?

YMC, Jul 16, 2007 IP

SergeF Peon

Messages:: 294

Likes Received:: 7

Best Answers:: 0

Trophy Points:: 0

#5

The exploit has been fixed.

SergeF, Jul 16, 2007 IP

jetbrains likes this.

wildweb Peon

Messages:: 143

Likes Received:: 46

Best Answers:: 0

Trophy Points:: 0

#6

SergeF said: ↑

The exploit has been fixed.
Click to expand...

so what version(s) were/are affected?

wildweb, Jul 16, 2007 IP

jetbrains likes this.

jetbrains Well-Known Member

Messages:: 1,747

Likes Received:: 137

Best Answers:: 0

Trophy Points:: 133

#7

Thanks for your info .
I got a replay from support
This problem has been fixed long ago Thanks for that

jetbrains, Jul 16, 2007 IP

SergeF Peon

Messages:: 294

Likes Received:: 7

Best Answers:: 0

Trophy Points:: 0

#8

the exploits exist in 1.2 and 2.0
2.1 version has all these exploits fixed.

We have asked all our customers to upgrade their versions to the latest one. Also an informative newsletter has been dispatched to all our subscribers.

SergeF, Jul 16, 2007 IP

LeopardAt1 likes this.

YMC Well-Known Member

Messages:: 2,787

Likes Received:: 404

Best Answers:: 4

Trophy Points:: 190

#9

Ahh, so this is the exploit I fell victim to back in February. Informative newsletter? When was that sent?

YMC, Jul 17, 2007 IP

wildweb Peon

Messages:: 143

Likes Received:: 46

Best Answers:: 0

Trophy Points:: 0

#10

SergeF said: ↑

the exploits exist in 1.2 and 2.0
2.1 version has all these exploits fixed.

We have asked all our customers to upgrade their versions to the latest one. Also an informative newsletter has been dispatched to all our subscribers.
Click to expand...

An upgrade should ONLY be an option. You "SHOULD" provide a patch. As I and many many others have tried the upgrade from 1.x to 2.x...it's a mess and rarely works. Your support forum is full of unanswered pleas for help to get upgraded. The only time I see an answer to this upgrade problem, is when I see the answer..pay $35 for ES to upgrade it for you. I "did" own a pro version of 1.x and after four attempts at the upgrade, I simply through the script out and replaced it with another one. Such a waste as your 2.x has many enhancements and ES is a great script. Sad to see that your support of a security vulnerability patch and the whole upgrade scenario is lacking.

SO.. I say again...a "patch" should be made available for the affected versions.

I'm sure I'm not the only one that feels this way.

tom

wildweb, Jul 17, 2007 IP

an0n Prominent Member

Messages:: 5,688

Likes Received:: 915

Best Answers:: 0

Trophy Points:: 360

#11

wildweb said: ↑

An upgrade should ONLY be an option. You "SHOULD" provide a patch. As I and many many others have tried the upgrade from 1.x to 2.x...it's a mess and rarely works. Your support forum is full of unanswered pleas for help to get upgraded. The only time I see an answer to this upgrade problem, is when I see the answer..pay $35 for ES to upgrade it for you.

SO.. I say again...a "patch" should be made available for the affected versions.

I'm sure I'm not the only one that feels this way.

tom
Click to expand...

hahaha sounds like another script sad sad sad

an0n, Jul 17, 2007 IP

SergeF Peon

Messages:: 294

Likes Received:: 7

Best Answers:: 0

Trophy Points:: 0

#12

Simon Gooffin says

Hi,

This is a copy of email we sent to subscribed persons on 10/16/06 8:09am Eastern

"Greetings {!firstname},

actually in this newsletter I would like to
announce TWO new packages. It so happened that
both of them were developed at about the same time
so I decided to announce them both in one
newsletter.

First of all, you are strongly recommended to
check and install the new security patch for the
Pro version 1.2.

You can find the details about the patch in this
forum thread:
http://www.esyndicat.com/forum/about7296.html

In brief, the patch fixes the XSS vulnerability on
the search page reported earlier in our forum.
Also, it prevents some potential SQL injections in
user front end and admin panel.

The other package is something that has been
requested many times by our customers, namely, it
is Google Sitemap generator.

Please check the forum thread below where Vincent
describes how to obtain and install the package:
http://www.esyndicat.com/forum/about7301.html"

I took this text in our newsletter history so be sure this email was sent. Personally I do not think it's a must for us to support 1.2 as we have released 3 versions after it. You know Windows 98 is not supported anymore and it's quite logical. There is a newer better version that has all these bugs fixed. Tom, I do not remember if you posted any messages in our support forums. If you check the forums you might see everything is much better there now than you describe Anyone who can not upgrade their versions themselves ask questions in our forums. All of them get at least advice but in more cases technical support. There is one negative feedback against 100 positive ones. I will not try to assure you we are the best and so on. It's you who decide whether to use our software or not.
Click to expand...

SergeF, Jul 17, 2007 IP

The Pheonix Banned

Messages:: 1,233

Likes Received:: 96

Best Answers:: 0

Trophy Points:: 0

#13

Isnt it a case of moving on and F the rest?

A very worrying development indeed. I feel sorry for all those who have the old version.

Kudos to the OP for posting this warning.

The Pheonix, Jul 18, 2007 IP

Log in or Sign up

eSyndiCat - Multiple SQL Injection's

SEOdir.net Banned

britishguy Prominent Member

an0n Prominent Member

YMC Well-Known Member

SergeF Peon

wildweb Peon

jetbrains Well-Known Member

SergeF Peon

YMC Well-Known Member

wildweb Peon

an0n Prominent Member

SergeF Peon

The Pheonix Banned

Useful Searches