amelierosalyn

Skip navigation

PHPAskIt Security Vulnerability - NOT TRUE!

It has been brought to my attention that there is a serious security vulnerability within all versions of PHPAskIt, which states that the conversion scripts for Wak's Ask&Answer and the classic Ask&Answer can be hacked through the directory variables.

The security vulnerability is a hoax. The import files CANNOT be hacked through the $qadir and $dir variables even with register_globals on.

I find it such a shame that the person who discovered this has gone round telling everyone who will listen that my script's insecure (and every major security site there is) but 1) won't inform me (I found out through a Google search) and 2) makes things up. I've contacted them several times but each time the mail has bounced back. *Rolls eyes* How mature.

Please note: this post is now over 1 decade old.

Older posts are archived for historical reasons and also for those who may find their contents useful. Facts, links or opinions within this article are likely to have changed; the article itself may also no longer represent my own views on the subject. Please bear this in mind when reading these posts.

Comments (3)

  1. I guess some people just have nothing better to do with their time.

    Lee's Gravatar Lee on

  2. -scratches head- I guess that's one way to get your fifteen minutes of fame. Sorry you have to put up with that!

    Jordie's Gravatar Jordie on

  3. *sigh* Sorry you had to deal with it Amelie but at least it was a hoax :)

    Jamie's Gravatar Jamie on

Previous entry: CodeGrrl scripts: security flaw | Next entry: Why I don't like target=_blank