PhotoPost Community


ldk August 24th, 2007 03:39 PM

Upgrade & Exploit Prevention Question
 
It recently sunk in for me how important it is to keep all your scripts up to date in case exploits have been found and fixed! I got hacked and I was running a very old version of PhotoPost (4.8) which might have been what was exploited. I've totally hidden my PhotoPost installation for now and I'm going to upgrade very soon.

My question is this... Upgrading from 4.8 to 5.62...

Is there a chance that a vulnerable php file from 4.8 no longer exists in the 5.6.2 file set and therefore it wouldn't get overwritten or deleted and it would continue to be there and be a risk?

For example, one of the problematic files I've read about is zipndownload.php. If 5.62 doesn't include this file anymore, would the old vulnerable one just remain there?

Or is all this taken into account with the upgrade script?

Obviously I could just delete that one file but there might be others I don't know about...

Thanks for your help!

Chuck S August 24th, 2007 05:22 PM

You can delete old files, sure, but no old files are used with our script so I doubt they would work.

If you want to be sure, delete all php files except the config files and then upload new files.
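An added example, not part of the thread and not PhotoPost's own tooling: one way to find the leftover files the question asks about is to list every `.php` file in the live install that is absent from the unpacked new release. The directory layout, the `config*.php` keep pattern and every sample file name except `zipndownload.php` are assumptions made for illustration and do not reflect the real PhotoPost file lists.

```shell
#!/bin/sh
# Added example: report PHP files in a live install that the new release
# no longer ships, so they can be reviewed and removed after an upgrade.

# list_php DIR: relative paths of all .php files under DIR, byte-sorted.
list_php() {
    ( cd "$1" && find . -type f -name '*.php' | sed 's|^\./||' | LC_ALL=C sort )
}

# stale_php_files INSTALL_DIR RELEASE_DIR [KEEP_GLOB]
# Prints files present only in INSTALL_DIR, skipping site config files.
# KEEP_GLOB is matched against the base name (assumed default: config*.php).
stale_php_files() {
    install_dir=$1
    release_dir=$2
    keep_glob=${3:-config*.php}
    tmp_i=$(mktemp) && tmp_r=$(mktemp) || return 1
    list_php "$install_dir" > "$tmp_i"
    list_php "$release_dir" > "$tmp_r"
    # comm -23 keeps lines that appear only in the first (install) list.
    LC_ALL=C comm -23 "$tmp_i" "$tmp_r" | while IFS= read -r rel; do
        case ${rel##*/} in
            $keep_glob) ;;                 # site configuration: keep it
            *) printf '%s\n' "$rel" ;;     # not in the release: stale
        esac
    done
    rm -f "$tmp_i" "$tmp_r"
}

# make_sample: build a constructed old install and new release in a temp dir
# and print its path. File names here are illustrative only.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/install/adm" "$root/release/adm"
    for f in index.php zipndownload.php config-inc.php adm/old-tool.php; do
        : > "$root/install/$f"
    done
    for f in index.php adm/index.php; do
        : > "$root/release/$f"
    done
    printf '%s\n' "$root"
}

# Usage: sh stale_php.sh /path/to/live/install /path/to/unpacked/release
if [ "$#" -eq 2 ]; then
    stale_php_files "$1" "$2"
fi
```

The script only reports; review the list before deleting, since locally added scripts would also appear in it.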

