Ravens PHP Scripts: Forums
 

 

karakas
Hangin' Around



Joined: Feb 20, 2004
Posts: 29

Posted: Mon Mar 01, 2004 7:06 am

phpBB "postorder" Parameter Cross Site Scripting Vulnerability

I don't know how much this affects PHP-Nuke, since the GET array is checked against "<script>" strings, but could somebody comment on this?
 
chatserv
Member Emeritus



Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico

Posted: Mon Mar 01, 2004 8:51 am

In viewtopic.php find:
Code:
//
// Decide how to order the post display
//
if ( !empty($HTTP_POST_VARS['postorder']) || !empty($HTTP_GET_VARS['postorder']) )
{
   $post_order = (!empty($HTTP_POST_VARS['postorder'])) ? $HTTP_POST_VARS['postorder'] : $HTTP_GET_VARS['postorder'];
   $post_time_order = ($post_order == "asc") ? "ASC" : "DESC";
}
else
{
   $post_order = 'asc';
   $post_time_order = 'ASC';
}

Replace with:
Code:
//
// Decide how to order the post display
//
if ( !empty($HTTP_POST_VARS['postorder']) || !empty($HTTP_GET_VARS['postorder']) )
{
   $post_order = (!empty($HTTP_POST_VARS['postorder'])) ? htmlspecialchars($HTTP_POST_VARS['postorder']) : htmlspecialchars($HTTP_GET_VARS['postorder']);
   $post_time_order = ($post_order == "asc") ? "ASC" : "DESC";
}
else
{
   $post_order = 'asc';
   $post_time_order = 'ASC';
}
if (!eregi("^((asc)|(desc))$",$post_order) )
{
        message_die(GENERAL_ERROR, 'Selected post order is not valid');
}

To test it view any topic and at the end of the url add:
Code:
&postorder=chatserv

Not the result kiddies would expect.


Last edited by chatserv on Fri Mar 05, 2004 4:57 pm; edited 2 times in total 
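
The idea behind the patch above (accept only asc or desc and refuse everything else), as an added example in current PHP that is not part of the original posts or of phpBB's code. The helper normalize_post_order() and the sample requests are hypothetical and constructed for illustration; only the value chatserv and the error text come from the post.

```php
<?php
declare(strict_types=1);

/**
 * Map the request's postorder value to one of two fixed values.
 * Returns [value to reuse in links/forms, SQL keyword]; throws on anything else.
 * Hypothetical helper for illustration, not a phpBB function.
 */
function normalize_post_order(array $post, array $get): array
{
    // Same precedence as the viewtopic.php snippet: POST first, then GET, default 'asc'.
    $raw = !empty($post['postorder']) ? $post['postorder']
         : (!empty($get['postorder']) ? $get['postorder'] : 'asc');

    // postorder[]=x arrives as an array, not a string; reject it with the rest.
    if (!is_string($raw)) {
        throw new InvalidArgumentException('Selected post order is not valid');
    }

    // Lower-case before the lookup so "ASC" is not accepted and then sorted as DESC.
    $allowed = ['asc' => 'ASC', 'desc' => 'DESC'];
    $key = strtolower($raw);
    if (!isset($allowed[$key])) {
        throw new InvalidArgumentException('Selected post order is not valid');
    }
    return [$key, $allowed[$key]];
}

// Constructed sample GET arrays.
$samples = [
    [],
    ['postorder' => 'desc'],
    ['postorder' => 'ASC'],
    ['postorder' => 'chatserv'],
    ['postorder' => 'asc"><b>'],
    ['postorder' => ['asc']],
];

foreach ($samples as $get) {
    $shown = json_encode($get['postorder'] ?? null);
    try {
        [$order, $sql] = normalize_post_order([], $get);
        echo "$shown -> accepted: postorder=$order, ORDER BY ... $sql\n";
    } catch (InvalidArgumentException $e) {
        // Rejected values are never reused in the page or the query.
        echo "$shown -> rejected: {$e->getMessage()}\n";
    }
}
```

Because only the two fixed strings are ever returned, the value that reaches the page and the ORDER BY clause is never the raw request input.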
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

Posted: Fri Mar 05, 2004 4:46 pm

See this update [ Only registered users can see links on this board! Get registered or login! ]
 
chatserv







Posted: Fri Mar 05, 2004 5:00 pm

Updated mine as well. Even while what I had first suggested would do the trick, it can't hurt to have both methods; not only do you block the attempt but you let the lamer know you patch your files.
 
Raven







Posted: Fri Mar 05, 2004 5:03 pm

Oh I totally agree. I just wanted to let everyone know what the 'official' code was, from the authoring group. Saves answering the questions that would probably come :)
 