Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> PHP-Nuke Patched Series By Chatserv
Author Message
ToolBox
Regular
Regular


Joined: Mar 16, 2005
Posts: 74

PostPosted: Sun Sep 04, 2005 3:36 am Reply with quote

Have you ever added categories in "News" admin?

Only "Articles" & "News" are allowed. The others are not.
I traced HTTP::POST and found $title variable is replaced with a string "News." Therefore, except for the predefined category "Articles," all categories you are trying to add is "News." because $title is always $title = "News."

I hope that this bug appears in my case. But, I tested several times with 7.7/ 7.8/ with security patch 2.3.1. Still my case was wrong.

Fixation:
Code:


# ---- [ OPEN ] -----
#
Open /modules/News/admin/index.php file

# ---- [ FIND ] ------
#
# comments: under function AddCategory() function
#
      echo "<center><font class=\"option\"><b>"._CATEGORYADD."</b></font><br><br><br>"
      echo "<center><br>"
      ."<form action=\"".$admin_file.".php\" method=\"post\">"
      ."<b>"._CATNAME.":</b> "
      ."<input type=\"text\" name=\"titlex\" size=\"40\" maxlength=\"40\"> "
      ."<input type=\"hidden\" name=\"op\" value=\"SaveCategory\">"
      ."<input type=\"submit\" value=\""._SAVE."\">"
      ."</form></center>";
#
# --- [ FIND, INLINE ] -------
#
."<input type=\"text\" name=\"title\" size=\"40\" maxlength=\"40\"> "

#
# --- [ REPLACE, WITH] ------
#
."<input type=\"text\" name=\"cat_title\" size=\"40\" maxlength=\"40\"> "

#
# ---- [ FIND ] -----
#
      case "SaveCategory":
      SaveCategory($title);
      break;
#
# ---- [ FIND, INLINE] ------
#
SaveCategory($title);

#
# ----- [ REPLACE, WITH ] -------
#
SaveCategory($cat_title);

#
# ---- EFX
#
 
View user's profile Send private message
chatserv
Member Emeritus


Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico

PostPosted: Sun Sep 04, 2005 12:44 pm Reply with quote

Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message Visit poster's website
ToolBox
PostPosted: Sun Sep 04, 2005 4:19 pm Reply with quote

Great, chatserv. I got it.
 
chatserv
PostPosted: Sun Sep 04, 2005 5:41 pm Reply with quote

In concept it's the same issue, renaming the variable.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> PHP-Nuke Patched Series By Chatserv

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©