• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Problem with "[FIX] SQL Injection vulnerability"

T

Triple-Axe

Guest
sorry for my bad english :(


on the page http://kb.swsoft.com/en/2169 is the fix für Plesk 8,2
i have downloaded the file und renamed my old one to class.Session.php.old

when i restart the webserver with "/usr/local/psa/admin/bin/httpsdctl restart"

i have the problem that i cannot login with the admin account or any useraccount

i see the upper part of the login window ( like the normal login windows ) but the lower part is white

the funny part is : when i rename the new class.Session.php to class.Session.php.new and rename my old one from class.Session.php.old to class.Session.php and restart it goes fine

my server is @ strato.de and the hotline say that i have to ask you


mfg

TA
 
Originally posted by Triple-Axe
sorry for my bad english :(


on the page http://kb.swsoft.com/en/2169 is the fix für Plesk 8,2
i have downloaded the file und renamed my old one to class.Session.php.old

when i restart the webserver with "/usr/local/psa/admin/bin/httpsdctl restart"

i have the problem that i cannot login with the admin account or any useraccount

i see the upper part of the login window ( like the normal login windows ) but the lower part is white

the funny part is : when i rename the new class.Session.php to class.Session.php.new and rename my old one from class.Session.php.old to class.Session.php and restart it goes fine

my server is @ strato.de and the hotline say that i have to ask you


mfg

TA
Click to expand...


no answer ????
no comment ????
 
Re: Re: Problem with "[FIX] SQL Injection vulnerability"

Originally posted by Triple-Axe
no answer ????
no comment ????
Click to expand...
....
be sure you've changed the group to psaadmin.. second make a diff between those two files to see what has changed (you can post the diff output here if you don't get something out of it) and well before you start to do diffs on the two versions, check your webservers logs for any errors, not sure if the login page from plesk needs javascript...

Kind regards
Rico
 
Urm SWSoft seems to encrypt their php files, so viewing what it is doing (design-related) is not possible... (oh dear closed source stuff)

I was curious enough to take a look at your PLESK login page, now it seems that the old file is there again, could you please remove the session.php again with the new one from swsoft. I'll then take a look at the login page again.

Kind regards
Rico
 
ok can be closed

i have downloaded the file again and now it is ok
 
You must log in or register to reply here.

Similar threads

Pagemakers
SQL Injection Vulnerability in Plesk
Replies
0
Views
4K
Pagemakers
Pagemakers
I
Performing a Security Update?
Replies
6
Views
11K
breun
B
W
SQL Injection Fix - HELP!!
Replies
7
Views
4K
wilke
W
Back
Top