Question CCboard vulnerable to XSS/SQLi - Migrator needed urgently

Hi

As you might or might not be aware of, these are very difficult days for users of ccboard. First, after a very promising start, there has been no updates for about one year. That was still acceptable, no-one can expect regular releases from open source developers.

But now it just got much worse, all of a sudden: On 13.11.2010, CCboard has been removed from the JED (joomla extension directory) because aparently an XSS/SQLi vulnerability has been discovered (Source: docs.joomla.org/Vulnerable_Extensions_List#ccboard ). Unfortunately (or fortunately, depends how you look at it) no further details about the vulnerability have been given.

What this means in a nutshell:
Currently, there are thousands of site owners with a vulnerable installation of CCboard who can't fix it themselves.

Wouldn't this be the perfect time for Kunena to give those thousands of site owners an easy migration path from ccboard to Kunena? If you provide a migrator for ccboard now, nearly all of the ccboard usrs will probably switch to Kunena and be more than grateful for saving their sites from being hacked.

Most of us (yep, I chose ccboard 1.5 years ago, too) are locked in this situation and have no alternative to turn to as there is no forum component with an official ccboard importer. I assume this would be a great marketing scoop for Kunena... I think the time invested in creating such a migrator will be paid with thousands of new installs from Ccboard users...

Please bear in mind that at the moment there is no option at all to move from ccboard to kunena. the migration path often mentioned in this forum (ccboard->agora->kunena 1.5x->kunena 1.6x) is not an option anymore since agora is commercial now (and their converter had issues anyway) and the kunena 1.6 migrator does not support kunena (yet).

If there was a tutorial on how to use the new migration framework to create a ccboard migrator, I would give it a try myself, even being not very skilled in php.

sub

Hello,

If you have an akeeba backup of your site with ccboard datas in it i can make some test with the converter and i haven't yet tested the converter with datas.

Bonjour xillibit

I can quickly create an Akeeba Backup and put it somewhere for you to download. What exactly do you want inside... DB only or full html (that will be huge). do you need the attached images as well (huge, too)? And do you want JPA or ZIP format?

sub

Send it in .zip format, i want the db and html to test avatar import, i don't know in which directory are located the ccboard avatars, maybe just the followings directories :

components/com_ccboard/*
administrator/components/com_ccboard/*
images/*
media/*

Wow... I didn't really expect anybody to look into this so fast. Amazing. Expect a PM with download link and additional information in 5-10 minutes.

EDIT: Information sent by PM. Maybe we can continue this discussion here so other CCboarders can follow

This might be helpful for someone who knows Kunena (I do not...yet) well. Seems like Stipsan, a developer at Ninjaforge has just released a converter ccboard -> ninjaboard.

As it has a GPLv3 license and has been published on snipt, I dare posting the link here:
snipt.net/stipsan/ccboard-converter

Of course I could migrate to Ninjaboard. But to be honest, I see more potential in Kunena than in Ninjaboard and I want to avoid having to migrate again antime during the next 5 years or so I haven't used Ninjaboard myself for more than 5 minutes, so I can in no way judge if my opinion is actually true.

But: Shouldn't a modification of this code to work with Kunena be feasable with overseeable effort?

Sorry I am am pushy in this matter - I try to give back as much as I can to the community by answering (or trying to) questions of other users...

sub