Anyone who is interested in testing the multiple security fixes is welcome to download a modified version of phpLogCon-1.2.1.
http://www.hackthebox.org
I don't guarantee it to work, but it does work on my server. You will need to modify the config.php file manually. You should install this in a separate path and !!!NOT!!! over your existing install!!!
Please note I've added two defines that will need to be set to your hostname and install path, as your browser will see it.
i.e. www.yourdomain.tld/path_to_phplogcon/
so if you alias path_to_phplogcon you still use path_to_phplogcon.
If you have trouble, please reply to this post, I'll try to get them fixed.
There is a list of changes on the site.
90% of my changes are marked
// BGS -- some notes here
// BGS end
BFN -- I respect the privacy of others, therefore, I have NOT added any code that would expose your logs!!! I don't claim this is perfect, there may be other issues that still remain. I do need someone else to test this and validate any fixes. I've included a file that will tell you how to bypass the login on phpLogCon-1.2.1; that way you can test original to fixed versions. The file is called howto.html
Thanks,
Brian


