Closed (works as designed)
Project:
FCKeditor - WYSIWYG HTML editor
Version:
6.x-2.3
Component:
Code
Priority:
Critical
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
18 Dec 2012 at 10:08 UTC
Updated:
4 Jan 2013 at 06:07 UTC
Even the latest version is not secure, here is my access log before the server had been hacked.
example.com:80 110.77.249.137 - - [09/Sep/2012:07:56:03 +0700] "POST /index.php?q=fckeditor/xss HTTP/1.1" 200 20 "http://example.com/node/101010" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1"
Even worse that fckeditor is not developed any more. Has any one face this problem too, I appreciate any kind of your help eg. server settings, modified version of the module, latest fckeditor code etc.
Comments
Comment #1
noomz commentedClosed, the site that had been hacked use another version