Comments on: VHCS v2.4.7.1 Pro – DO NOT USE http://ubuntu-tutorials.com/2006/08/15/vhcs-v2471-pro-do-not-use/ Enhancing your Ubuntu experience! Fri, 11 May 2012 05:04:26 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: Cliff Wells http://ubuntu-tutorials.com/2006/08/15/vhcs-v2471-pro-do-not-use/#comment-14659 Cliff Wells Wed, 16 Mar 2011 07:47:28 +0000 http://ubuntu-tutorials.com/?p=140#comment-14659 I found major SQL injection paths in VHCS back in 2005. The developers accepted my patches, but didn't seem to quite grasp the severity of the issue (my initial bug report was downgraded) until I submitted an exploit to SecurityTracker, then they became very eager to understand the issue. I spent an entire weekend changing literally hundreds of lines of code to force their SQL through a common function that properly sanitized and escaped their queries. I submitted this and was rewarded with complaints that a couple of pages no longer functioned. I checked and I'd omitted a semicolon on those pages. Nevermind that I had warned them about the rush job I'd done and that they'd need to review all the functionality since I didn't use all of it myself. Anyway, I was left with a bad taste about both their attention to security and their rather unwelcome response to my initial bug report. I avoid them now. It's too bad since it's a rather nice interface. http://securitytracker.com/id/1013703 I found major SQL injection paths in VHCS back in 2005. The developers accepted my patches, but didn’t seem to quite grasp the severity of the issue (my initial bug report was downgraded) until I submitted an exploit to SecurityTracker, then they became very eager to understand the issue. I spent an entire weekend changing literally hundreds of lines of code to force their SQL through a common function that properly sanitized and escaped their queries. I submitted this and was rewarded with complaints that a couple of pages no longer functioned. I checked and I’d omitted a semicolon on those pages. Nevermind that I had warned them about the rush job I’d done and that they’d need to review all the functionality since I didn’t use all of it myself.

Anyway, I was left with a bad taste about both their attention to security and their rather unwelcome response to my initial bug report. I avoid them now. It’s too bad since it’s a rather nice interface.

http://securitytracker.com/id/1013703

]]> By: Nadeem http://ubuntu-tutorials.com/2006/08/15/vhcs-v2471-pro-do-not-use/#comment-7506 Nadeem Mon, 15 Dec 2008 17:00:15 +0000 http://ubuntu-tutorials.com/?p=140#comment-7506 Go for SysCp instead of VHCS Go for SysCp instead of VHCS

]]> By: Wendy http://ubuntu-tutorials.com/2006/08/15/vhcs-v2471-pro-do-not-use/#comment-7497 Wendy Sat, 13 Dec 2008 16:11:57 +0000 http://ubuntu-tutorials.com/?p=140#comment-7497 Can you advise a replacement of VHCS? Can you advise a replacement of VHCS?

]]> By: junksiu http://ubuntu-tutorials.com/2006/08/15/vhcs-v2471-pro-do-not-use/#comment-5651 junksiu Sun, 10 Aug 2008 05:14:43 +0000 http://ubuntu-tutorials.com/?p=140#comment-5651 VHCS don't even host a forum now. So sad... VHCS don’t even host a forum now. So sad…

]]> By: User http://ubuntu-tutorials.com/2006/08/15/vhcs-v2471-pro-do-not-use/#comment-110 User Wed, 28 Nov 2007 20:08:57 +0000 http://ubuntu-tutorials.com/?p=140#comment-110 if you want to use it you should customize it, to cover all the security holes. ;) i find it quite simple to correct the code. hint: find a php programmer with some server administration skills. if you want to use it you should customize it, to cover all the security holes. ;) i find it quite simple to correct the code. hint: find a php programmer with some server administration skills.

]]>