Posts by: jogai

Posts: 264
Post: 6511
Topic: Links with scandinavian letters (å, ä, ö)

Seems like an iis problem then... I think apache is preffered for gpEasy.

Maybe you can edit the slug. That way the urls dont need to have the special characters in them.

9 years ago
Post: 6382
Topic: Page load issue gpeasy4.0
Try to disable hardware rendering in Firefox. If that helped i'm curious what kind of graphic card you have.
9 years ago
Post: 6312
Topic: move the search box

Use winscp. Instructions are here: http://sysmincomputing.wordpress.com/2011/01/22/winscp/

After connecting you can double-click the file on the remote server and edit it. Be careful because you are editing on the server that way!

9 years ago
Post: 6271
Topic: No right column in firefox
The right column is not showing in firefox and the content of it is visible in the left column.
9 years ago
Post: 6169
Topic: Menu

Implement the following rule:

#menu ul li {
display: inline;
padding: 7px 20px;
margin: 0;
}

The 7px is to increase the hover area.

And then get rid of

#menu ul li ul {
display: none;
margin-top: 1px;
}
9 years ago
Post: 6168
Topic: Vulnerabilities in gpEasy 4.0

Sorry about that; Sometimes I have the urge to answer BS in a Sh*tty way.. I'll try to keep this corner of the internet more civil in the future.

Happy to hear that gpEasy isnt open to these vulnerabilities!

9 years ago
Post: 6068
Topic: Vulnerabilities in gpEasy 4.0

I didn't read it all. just made a quick count. And I don't have a blog myself and even if I did it wouldn't be about pentesting or anything security related. I didn't even say I was a master of anything. I just had a problem with the early and open disclosure.

And since you brought it up; Yours is apparently bigger because I stepped on it.. :-)

Josh is also very kind (although he'll be probably mad at me now) and wants to cooperate. You shouldn't let a random forum user (me) scare you so easily away.

For the record, i'm not affiliated in any way with gpEasy. I'm not even registered as service provider.

 

10 years ago
Post: 6061
Topic: Vulnerabilities in gpEasy 4.0

Responsible disclosure: I think its easy enough to find Josh's contact information to disclose this first to him. He's a nice person and certainly would've given you full credit for finding these bugs. The release cycles are usually short so you wouldnt have to wait long before publishing this anywhere after it was patched. The community is not that big and the uninformed may now think gpEasy is not safe to use. 

The amount of 0day posts on your blog is too damn high!  Thats not Responsible disclosure, thats just disclosure.

I still think phpMyAdmin is crap considering security. I dont think they've shitty code, but security is easy to do wrong.

 

10 years ago
Post: 6028
Topic: Vulnerabilities in gpEasy 4.0

So you're saying that a logged in admin can post html? Well, its the freaking job of a cms to let that happen. Sure an admin can make xss attacks this way. Everyone that runs a site can.

Also you're referring to phpMyAdmin. That shit is vulnarable as hell.

If you're really concerned, you should've mailed the author directly. This forum is open to everyone thus not so different than posting on your 'security blog'. On this forum are users of gpEasy who might get anxious about this without reason.

10 years ago
Post: 6015
Topic: Securiety of flat file if any ?

Its not that different. How did you store the credentials for your databases? Most likely in a flat file... So when your files are compromised in both cases the data is compromised too.

A flat file is not vulnerable to sql injection so that's a nice feature.. :-)

10 years ago

News

elFinder 2.1.50 in Upcoming Release
12/28/2019

A new release for Typesetter is in the works with a lot of improvements including the ... Read More

Typesetter 5.1
8/12/2017

Typesetter 5.1 is now available for download. 5.1 includes bug fixes, UI/UX improvements, ... Read More

More News

Log In

  Register