With news reports of bank websites being compromised and personal information being stolen, it’s hard to forget about the would-be hackers and their quest to take over the world. (OK, maybe not that last bit.)
Well, it has come to our attention that on a Windows-based web server with the PHP setting “register_globals” enabled, a hacker could use Pixelpost maliciously to read files located on the server.
If you are running Pixelpost v1.7.1, and are on a Windows server, please download the security patch below to play it safe. (It won’t hurt you if you’re on a Linux box either)
If you are running a version of Pixelpost older than 1.7.1, we recommend you upgrade to the latest version, which is available on our home page, as it already includes this patch. That way your photoblog will be safe and sound.
Download: Pixelpost 1.7.1 - Security Patch 1 (9 KB)
Thanks Jay! I just got my PP install updated with the patch.
Why do you think that only Windows servers are affected? I’m quite sure (even though I don’t know the exact code before the patch) that the vulnerability exists on Linux and any other platform as well.
And *please* increase the version number if you fix something!
Thanks for the security files! They are appreciated!
Regards
Thanks for the security patch. I am looking forward to seeing the new version of Pixelpost.
I have updated the index file, but every one or two days, the Pixelpost blog gets infected again. I understand that this update is not for the infection, but could you tell me what I could do to prevent infection?