Jonathan Hernandez
Jaws Wiki
Now we have a Wiki for Documentation and Ideas.
Jaws 0.4 Security fix
JAWS 0.4 has a security bug in gadgets/controlpanel.php that allows logging in to the JAWS Control Panel through an SQL injection in the login query.
Example:
If you change the function crypt_form in your templates/controlpanel/login.html like this, the login check is bypassed:
function crypt_form(form) {
    var new_password = calcMD5(form.password.value);
    form.crypted_password.value = "' or '2'='2";
    form.password.value = "";
    return true;
}
To fix this issue, please replace your gadgets/controlpanel.php with this:
http://jaws.com.mx/data/files/controlpanel.php.txt
Thanks to Fernando Quintero for reporting it.
JAWS 0.4 released
JAWS 0.4 (Well It's True That We Love One Another) has been released. You can see our release notes and download it here.
And because everybody loves screenshots, JAWS 0.4 screenshots
JAWS 0.3 Security fix
JAWS 0.3 has a security bug in index.php that allows loading files that aren't JAWS gadgets.
Example:
http://example.com/index.php?gadget=../../../../../../../etc/passwd%00
To fix this issue, please replace your index.php with this:
http://jaws.com.mx/data/files/index.php.txt
Thanks to Fernando Quintero for reporting it.
JAWS Coding Guidelines
In order to keep our code consistent and pretty, please use the following guidelines.