Problem with "[FIX] SQL Injection vulnerability"

[Triple-Axe]

sorry for my bad english


on the page http://kb.swsoft.com/en/2169 is the fix für Plesk 8,2
i have downloaded the file und renamed my old one to class.Session.php.old

when i restart the webserver with "/usr/local/psa/admin/bin/httpsdctl restart"

i have the problem that i cannot login with the admin account or any useraccount

i see the upper part of the login window ( like the normal login windows ) but the lower part is white

the funny part is : when i rename the new class.Session.php to class.Session.php.new and rename my old one from class.Session.php.old to class.Session.php and restart it goes fine

my server is @ strato.de and the hotline say that i have to ask you


mfg

TA

 

[Triple-Axe]

Originally posted by Triple-Axe
sorry for my bad english


on the page http://kb.swsoft.com/en/2169 is the fix für Plesk 8,2
i have downloaded the file und renamed my old one to class.Session.php.old

when i restart the webserver with "/usr/local/psa/admin/bin/httpsdctl restart"

i have the problem that i cannot login with the admin account or any useraccount

i see the upper part of the login window ( like the normal login windows ) but the lower part is white

the funny part is : when i rename the new class.Session.php to class.Session.php.new and rename my old one from class.Session.php.old to class.Session.php and restart it goes fine

my server is @ strato.de and the hotline say that i have to ask you


mfg

TA

no answer ????
no comment ????

 

[Rico Kerster]

Re: Re: Problem with "[FIX] SQL Injection vulnerability"

Originally posted by Triple-Axe
no answer ????
no comment ????

....
be sure you've changed the group to psaadmin.. second make a diff between those two files to see what has changed (you can post the diff output here if you don't get something out of it) and well before you start to do diffs on the two versions, check your webservers logs for any errors, not sure if the login page from plesk needs javascript...

Kind regards
Rico

 

[Triple-Axe]

the original file is ok and i can login
the file from here : http://kb.swsoft.com/en/2169 is not running

i put the original and the update file here

http://www.sawaworld.de/plesk/class.session.php.zip

 

[Rico Kerster]

Urm SWSoft seems to encrypt their php files, so viewing what it is doing (design-related) is not possible... (oh dear closed source stuff)

I was curious enough to take a look at your PLESK login page, now it seems that the old file is there again, could you please remove the session.php again with the new one from swsoft. I'll then take a look at the login page again.

Kind regards
Rico

 

[Triple-Axe]

new file is online

 

[Triple-Axe]

ok can be closed

i have downloaded the file again and now it is ok