You are here: Big Brother Bot ForumAdd-OnsEchelon[Attention] Security vulnerability
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: [Attention] Security vulnerability  (Read 676 times) Bookmark and Share
mash
Jr. Member
**
OS: Windows
Type: --No B3 installed--
Gameservers: CoD7
Posts: 36
Offline Offline
WWW
« on: October 21, 2011, 05:47:42 AM »
Hello admins,

there is a security vulnerability in the Echelon v.2.0b.1.

Please contact me, so that i can explain you the existing security vulnerability.


Greetings,

Ma$H
Logged
Gamers - Extreme | www.g3x-clan.de
Garreth
Beta Testers
*
OS: Linux
Type: Owner dedicated server(s)
Gameservers: UrT
Posts: 244
Offline Offline
« Reply #1 on: October 21, 2011, 06:01:54 AM »
Current Echelon v2 version can be found in this github: https://github.com/WickedShell/echelon , recheck if this has this vulnerability.
Logged
Looking for Polish servers?
WickedShell
Dev. Team
*
OS: Linux
Type: Home user
Gameservers: UrT
Posts: 198
Offline Offline
WWW
« Reply #2 on: October 21, 2011, 04:57:51 PM »
I sent him a PM, well see what comes back. Things can always be emailed to me as well.
Logged
EchelonV2 Development; https://github.com/WickedShell/echelon

EchelonV2 Issue Tracker; https://github.com/WickedShell/echelon/issues
Garreth
Beta Testers
*
OS: Linux
Type: Owner dedicated server(s)
Gameservers: UrT
Posts: 244
Offline Offline
« Reply #3 on: October 22, 2011, 12:22:15 AM »
He can't PM you back here. PM messages are blocked for ordinary people:(
Logged
Looking for Polish servers?
mash
Jr. Member
**
OS: Windows
Type: --No B3 installed--
Gameservers: CoD7
Posts: 36
Offline Offline
WWW
« Reply #4 on: October 22, 2011, 04:41:41 AM »
Hey,

WickedShell i sent you an e-mail to your e-mail-account "Wicked.Shell.Scripts@gmail.com" with a description of the security vulnerability.


Greetings,

Ma$H
Logged
Gamers - Extreme | www.g3x-clan.de
WickedShell
Dev. Team
*
OS: Linux
Type: Home user
Gameservers: UrT
Posts: 198
Offline Offline
WWW
« Reply #5 on: October 24, 2011, 01:07:00 PM »
Absolutely right, I will have a fix pushed out this evening. (Will just be incorporated into what I was already about to push out, I will just leave a feature commented out for now)
Logged
EchelonV2 Development; https://github.com/WickedShell/echelon

EchelonV2 Issue Tracker; https://github.com/WickedShell/echelon/issues
WickedShell
Dev. Team
*
OS: Linux
Type: Home user
Gameservers: UrT
Posts: 198
Offline Offline
WWW
« Reply #6 on: October 24, 2011, 06:05:36 PM »
Should be fixed as mentioned here. Thank you for sharing.

http://forum.bigbrotherbot.net/echelon-version-2/%28security%29-version-2-0b-2/
Logged
EchelonV2 Development; https://github.com/WickedShell/echelon

EchelonV2 Issue Tracker; https://github.com/WickedShell/echelon/issues
mash
Jr. Member
**
OS: Windows
Type: --No B3 installed--
Gameservers: CoD7
Posts: 36
Offline Offline
WWW
« Reply #7 on: October 25, 2011, 12:27:32 AM »
Thank you for updating the files. Smiley

I have one question. My old echelon/inc/config.php looks like:

http://pastebin.com/CR96wGbA

The new one is more smaller:

https://github.com/WickedShell/echelon/blob/version2/echelon/inc/config.php

Where are the other commands of the old config.php?



Greetings,

Ma$H
« Last Edit: October 25, 2011, 12:32:01 AM by mash » Logged
Gamers - Extreme | www.g3x-clan.de
WickedShell
Dev. Team
*
OS: Linux
Type: Home user
Gameservers: UrT
Posts: 198
Offline Offline
WWW
« Reply #8 on: October 25, 2011, 04:11:08 AM »
inc/config.php is generated upon install of echelon, the new one you see there is the tiny stock one that gets you to the installer. In the update thread I mention the two changes you need to make to inc/config.php manually, if you don't want to do the entire install process. (Although if you do the install process it will not mess up any user names, passwords, database stuff, it's just gonna take the time to type in the DB config, and admin email again.
Logged
EchelonV2 Development; https://github.com/WickedShell/echelon

EchelonV2 Issue Tracker; https://github.com/WickedShell/echelon/issues
mash
Jr. Member
**
OS: Windows
Type: --No B3 installed--
Gameservers: CoD7
Posts: 36
Offline Offline
WWW
« Reply #9 on: October 25, 2011, 05:23:19 AM »
Quote from: WickedShell on October 25, 2011, 04:11:08 AM
inc/config.php is generated upon install of echelon, the new one you see there is the tiny stock one that gets you to the installer. In the update thread I mention the two changes you need to make to inc/config.php manually, if you don't want to do the entire install process. (Although if you do the install process it will not mess up any user names, passwords, database stuff, it's just gonna take the time to type in the DB config, and admin email again.

Ok thank you.

And what i have to change manually at my current inc/config.php file? Where i find the new modifications of this file?



Greetings,

Ma$H
« Last Edit: October 25, 2011, 05:25:34 AM by mash » Logged
Gamers - Extreme | www.g3x-clan.de
MordyT
Support Hero
*
OS: Windows
Type: Gameserver Rental Co.
Gameservers: 2x CoD4, 1x BF3
Posts: 2625
Offline Offline
Owner of Host4B3.com - Over 70 bots hosted!
WWW
« Reply #10 on: October 25, 2011, 05:40:35 AM »
Changes are here:
http://forum.bigbrotherbot.net/echelon-version-2/%28security%29-version-2-0b-2/msg29625/#msg29625

2 changes, 1 is version number, and one is list of support games.
Logged
Need B3 Bot hosting? Check out Host4B3.com
Check Twitter.com/Host4B3 for updates if the site it down.

Help will be given to those with a b3.log

System: Python 2.7.1 - B3 Source Code - Locally hosted MySQL & Apache - Win 2k3
Tags:
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  


Rate this page +1 at Google Search


SimplePortal 2.3.1 © 2008-2009, SimplePortal