1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Problem with "[FIX] SQL Injection vulnerability"

Discussion in 'Plesk for Linux - 8.x and Older' started by Triple-Axe, Sep 17, 2007.

  1. Triple-Axe

    Triple-Axe Guest

    0
     
    sorry for my bad english :(


    on the page http://kb.swsoft.com/en/2169 is the fix für Plesk 8,2
    i have downloaded the file und renamed my old one to class.Session.php.old

    when i restart the webserver with "/usr/local/psa/admin/bin/httpsdctl restart"

    i have the problem that i cannot login with the admin account or any useraccount

    i see the upper part of the login window ( like the normal login windows ) but the lower part is white

    the funny part is : when i rename the new class.Session.php to class.Session.php.new and rename my old one from class.Session.php.old to class.Session.php and restart it goes fine

    my server is @ strato.de and the hotline say that i have to ask you


    mfg

    TA
     
  2. Triple-Axe

    Triple-Axe Guest

    0
     

    no answer ????
    no comment ????
     
  3. Rico Kerster

    Rico Kerster Guest

    0
     
    Re: Re: Problem with "[FIX] SQL Injection vulnerability"

    ....
    be sure you've changed the group to psaadmin.. second make a diff between those two files to see what has changed (you can post the diff output here if you don't get something out of it) and well before you start to do diffs on the two versions, check your webservers logs for any errors, not sure if the login page from plesk needs javascript...

    Kind regards
    Rico
     
  4. Triple-Axe

    Triple-Axe Guest

    0
     
  5. Rico Kerster

    Rico Kerster Guest

    0
     
    Urm SWSoft seems to encrypt their php files, so viewing what it is doing (design-related) is not possible... (oh dear closed source stuff)

    I was curious enough to take a look at your PLESK login page, now it seems that the old file is there again, could you please remove the session.php again with the new one from swsoft. I'll then take a look at the login page again.

    Kind regards
    Rico
     
  6. Triple-Axe

    Triple-Axe Guest

    0
     
    new file is online
     
  7. Triple-Axe

    Triple-Axe Guest

    0
     
    ok can be closed

    i have downloaded the file again and now it is ok
     
Loading...