For anyone with an AATraders installation, PanamaJack (see his blog link from the left panel) has released a security patch recently for the 0.21 branch. This also coincides with the release of a full patched version of the game.

This fixes an apparently obscure exploit which may allow a hacker to gain access to a server where the config_local.php file is missing – i.e. when you take the common approach of manual installation using phpMyAdmin and an editor.

PanamaJack’s Blog also notes further changes being made including a register_globals emulation to avoid actual register_global exploits. You can read the full entry over on the blog.

EDIT: Maugrim will learn to proof read before posting. PanamaJack has commented – “Actually we are not adding a Register Globals emulation but we are removing the emulation that was included.” My apologies for the confusion – you’d think I’d know better than writing about register_globals emulation being a security improvement…doh! Proof read – must remember that ;-).

Its very difficult to keep any application free from security exploits, but its good to see that not every PHP game is so blasé about security.

No related posts.