Possible security issue in Helpcenter Live!

Hmm doesn't seem like they have a real fix for this yet either...
I am using this but only for live chat, great script but not when I see something as bad as this :eek:

Hopefully there will be a real fix found soon, any idea if this problem is only for specific versions or for all?
 
Good news.

It looks like they've figured out the vulnerability and a patch, my problem is that I'm such a noob to php, that I can't figure out how to apply the patch!



John
 
John,

Actually it was discovered that it isn't an HCL issue, more so a PHP setting. It's with the register_globals being turned on in your php.ini (which is crazy! :eek: ).

What they have done is added the settings in their config.php file. If you look at the thread posted above, you will see all the dialogue.
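
A way to check the php.ini condition described in the post above, as an added example that is not part of the original thread or of Helpcenter Live's code. The function names and sample php.ini fragments are constructed for illustration, and only php.ini text is inspected (per-directory overrides are not covered).

```python
import re

# Values PHP's ini parser treats as boolean true (case-insensitive).
TRUTHY = {"1", "on", "true", "yes"}

# "name = value" directive line; directive names are case-sensitive in PHP.
DIRECTIVE = re.compile(r"^\s*([A-Za-z0-9_.]+)\s*=\s*(.*)$")


def ini_setting(text, name):
    """Return the effective raw value of `name` in php.ini text, or None if unset.

    The last assignment wins, ';' starts a comment, [section] headers are skipped.
    """
    value = None
    for line in text.splitlines():
        # Drop full-line and inline comments (sufficient for boolean directives).
        line = line.split(";", 1)[0].strip()
        if not line or line.startswith("["):
            continue
        m = DIRECTIVE.match(line)
        if m and m.group(1) == name:
            value = m.group(2).strip().strip("\"'")
    return value


def register_globals_enabled(text):
    """True if on, False if explicitly off, None if php.ini does not set it."""
    value = ini_setting(text, "register_globals")
    if value is None:
        return None
    return value.lower() in TRUTHY


# Constructed sample php.ini fragments (not taken from any real server).
SAMPLE_ON = """[PHP]
; register_globals = Off
register_globals = On   ; legacy app needs this
"""
SAMPLE_OFF = "register_globals = Off\nregister_globals = \"0\"\n"
SAMPLE_UNSET = "display_errors = Off\n"

if __name__ == "__main__":
    for label, ini in [("on", SAMPLE_ON), ("off", SAMPLE_OFF), ("unset", SAMPLE_UNSET)]:
        print(label, register_globals_enabled(ini))
```

A `None` result means the file leaves the directive at the PHP build's default, which is Off since PHP 4.2.0; the directive was removed entirely in PHP 5.4.0.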
 
Ah right thanks, I will check what the patch is, if it only affects people that have register_globals on then that's a lot different than a hole in the script :)
Off topic but...has anyone tried to customise HCL?
I am using it but only for live chat, I have perl desk for my ticket system, if it is easy to skin, I might consider using HCL for everything instead of separating them.
 
John,

From what I've heard, it is somewhat difficult to do (but some have done it).

I'd also recommend staying with your current tt system as I did hear that they are going to be taking the tt & faq system out (not sure when).

There is a setting in the config where you could turn off the tt system and replace it with a support email address (hopefully, PerlDesk has piping and you could use that address; I use CE so I don't know about PerlDesk having piping capability).
 