This morning we were notified of a problem within the authentication system of eXtplorer by Brendan Coles of itsecuritysolutions.org. Versions 2.1.2, 2.1.1, 2.1.0 and 2.1.0RC5 have found to be vulnerable to an authentication bypass bug.
This bug has been fixed in the latest release of eXtplorer (2.1.3), which you should download and install/upgrade immediately!
If you just want a quick fix, please download the attached file called users.php and put it into the eXtplorer subfolder "/include", in Joomla! installations it can be found under "/administrator/components/com_extplorer/include". Just replace the existing file with this new one.
eXtplorer 2.1.2 is available now, which fixes an installation problem on Joomla! 2.5.
Another small fix also hides the top and bottom bar on J! 3.0, so the application is more usable.
The latest release of eXtplorer - version 2.1.1 - brings compatibility to Joomla! 3.0, which is the current latest version. No features have been added or bugs been resolved. So if you need eXtplorer for us in Joomla! 3.0, you must use eXtplorer 2.1.1 (or later).
Long time I wondered why nobody posted topics here at explorer.net, but it turned out that the URL rewrite functionality wasn't properly configured. This has now been resolved: posting on the boards here at extplorer.net is now working.
eXtplorer 2.1.0 (stable) is available now! It's a security release, which fixes a medium-impact XSS vulnerability found by Han Lee via Secunia SVCRP. There are no new features, just smaller bug fixes.
Make sure you grab your copy now and update as soon as possible!
The development version of eXtplorer 3 is now ready for testing. I heavily worked on compatibility with ExtJS 4.1 and that required me to refactor the application into a MVC-based Javascript application (just as the ExtJS 4 architecture enforces).
You can have a look at the new version in SVN - just load your copy using a Subversion client and report your errors back!
The latest major version of ExtJS, version 4, has been released some months ago. It brings new features and a complete new API. Read more about changes in ExtJS 4. It has evolved to a web framework that provides tools and API for anything one needs to run a web app on various devices. With the enforcement of a MVC (Model-View-Controller) structure, the code of eXtplorer will be refactored to become more flexible, understandable and scalable.
I'm currently in the process of rewriting the Javascript code and fighting against bugs and forgotten commas. Stay tuned for updates on the progress...
The latest version is just s small update, it fixes the functionality to change passwords for users. Everyone should update to this version, because otherwise you can change the initial password through the admin interface.
A new version of eXtplorer is available!
The following changes have been incorporated:
- works with J! 1.7
- implemented PHPass Library for more secure hashing of passwords: http://www.openwall.com/phpass/ (backwards compatible with previous md5 hashing method)
- updated to ExtJS 3.4.0 (brings support for IE9)
- fixed file-disclosure issue reported by colonelxc
- support for files with non-ascii chars for editing (thanks gr8ron)
- fixed a fatal error in the webdav module
- added ability to load without fetchscript.php (when it's inaccessible due to server permission problems)
Make sure you download the new version now!
The new eXtplorer version includes the following changes:
- updated to ExtJS 3.3.1
- fixed Flash Upload
- updated to SWFUPload 2.5 beta
- fixed deprecated warnings because of ereg functions
- fixed some FTP file operations (upload, copy, move, delete)
- fixed visibility of user form fields (form appeared empty)
- fixed editable file types detection (+ added .ini)
Get your copy now!