I made a quick security update. If you own/administer your own phpBB board, I advise you do the same.
[quote=psoTFX]Open viewtopic.php in any text editor. Find the following section of code:

//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
    // Split words and phrases
    $words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));
    for($i = 0; $i < sizeof($words); $i++)
    {

and replace with:

//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
    // Split words and phrases
    $words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));
    for($i = 0; $i < sizeof($words); $i++)
    {
[/quote]
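Added example of what the one-token change above actually buys (this is not phpBB's or psoTFX's code). It models the path a query string took into the highlight code of a 2.0.10 board and runs the "before" and "after" lines side by side. Assumptions: PHP percent-decodes the query string once when it fills $HTTP_GET_VARS; quotes are then backslash-escaped (phpBB 2 applied addslashes() to request data itself when magic_quotes_gpc was off); and htmlspecialchars() is called with ENT_COMPAT, PHP 4's default at the time, which does not touch single quotes. The three query strings are constructed inputs.

```php
<?php
// Added example, not phpBB's code: why dropping the urldecode() call matters.
// Assumptions: one percent-decode by PHP, then backslash-escaping of quotes,
// then htmlspecialchars() with ENT_COMPAT (PHP 4's default, leaves ' alone).

function request_vars(string $query_string): array
{
    // parse_str() percent-decodes once, as PHP does for $HTTP_GET_VARS.
    parse_str($query_string, $vars);
    // Escape quotes the way the board saw them: a raw ' arrives as \'.
    return array_map('addslashes', $vars);
}

// The "before" line from the post, as a function (double decode).
function highlight_terms_before(array $get): array
{
    return explode(' ', trim(htmlspecialchars(urldecode($get['highlight']), ENT_COMPAT)));
}

// The "after" line from the post: only the decode PHP already performed.
function highlight_terms_after(array $get): array
{
    return explode(' ', trim(htmlspecialchars($get['highlight'], ENT_COMPAT)));
}

// Constructed inputs: a plain word, a quote encoded once, a quote encoded twice.
$queries = [
    'highlight=phpbb',
    'highlight=%27',
    'highlight=%2527',
];

foreach ($queries as $qs) {
    $get = request_vars($qs);
    printf("%-18s  arrives as [%s]  before: [%s]  after: [%s]\n",
        $qs,
        $get['highlight'],
        highlight_terms_before($get)[0],
        highlight_terms_after($get)[0]);
}
```

For `%27` both versions see the already-escaped `\'`. For `%2527`, PHP's single decode leaves the literal text `%27`, which the escaping step has no reason to touch, and the extra urldecode() then turns it into a bare `'` after that escaping has already run. The patched line keeps it as the harmless string `%27`. The general rule the fix follows: decode input exactly once, and never after a sanitising step has been applied to it.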
It is. I actually disabled highlighting for a few days while the phpBB group learned that this was indeed a security issue. There should be 3 more they patch with their upcoming version (2.0.11) if I'm counting correctly. If they don't release 2.0.11 by Thanksgiving, PM me and I will give you some of my patches.
Marty: The future, it's where you're going? Doc: That's right, twenty five years into the future. I've always dreamed on seeing the future, looking beyond my years, seeing the progress of mankind. I'll also be able to see who wins the next twenty-five world series.
What is it...something to do with the word highlight thing when you're viewing a thread that works when you do a search...so a word split does what? Something to do with testing each word to see if it matches the word you've told it to highlight presumably. Right? What made that a security issue before?
alpha when you said in that other thread that you wont be adding new features..
... did you mean until after the "january" upgrade? or ever?
After the January upgrade.
I think what Deusfaux is trying to say is that he doesn't understand the difference between "new features" and "security patches".
Ah. Security patches to me are things that jeopardize the security of the Penny Arcade main website, and thus need to be fixed. New features are things that are nice to have, but if they didn't happen it wouldn't be the end of the world.
I don't think the forums crashing would be the end of the world. :P
Also, you never did answer my question as to how this is a security flaw. I must be having a stupid moment cuz I'm sure it's really easy to figure out. If it's sooper seekrit, would you mind PM/IMing me rather than making it public.
Thanks.
Done.
It's not the forums I worry about, it is the main site. We share the same uid as far as PHP is concerned; you can see where that leads. I'll IM you.
What kind of things does this keep people from doing?
I don't know what an injection attack is unless we're talking like implanting alien eggs in the site or something
Injection attacks in the general sense mean that you are able to "inject" some code somewhere you shouldn't.
A classic example would be if someone doesn't check a username properly before putting it into the database. This can then allow someone to change the query to change the database, such as by giving them admin rights.
Injection attacks can happen anywhere you use a user-supplied string in a way that it can be executed. SQL injections (like the one described above) are probably the most common, but in some situations it's also possible to have insertion attacks that affect HTML or even have code executed on the command line.
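The username case Orthanc describes, as an added example that is not code from the thread or from phpBB: the same lookup written with string concatenation and with a bound parameter, run against an in-memory SQLite database through PDO. The table, the two accounts and the attacker string are constructed here, and the pdo_sqlite extension is assumed to be available.

```php
<?php
// Added example, not from the thread: SQL injection through an unchecked
// username, vulnerable and fixed forms side by side. Assumes pdo_sqlite.

function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Constructed schema and accounts for the demonstration.
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, is_admin INTEGER)');
    $db->exec("INSERT INTO users VALUES ('alpha', 'correct-horse', 1), ('guest', 'guest', 0)");
    return $db;
}

// Vulnerable: the user-supplied string becomes part of the SQL text itself,
// so a quote in it ends the literal and the rest is parsed as SQL.
function lookup_user_vulnerable(PDO $db, string $username): array
{
    $sql = "SELECT username, is_admin FROM users WHERE username = '" . $username . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Fixed: the value is bound as a parameter; the database never parses it as SQL.
function lookup_user_fixed(PDO $db, string $username): array
{
    $stmt = $db->prepare('SELECT username, is_admin FROM users WHERE username = ?');
    $stmt->execute([$username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = make_db();

// Constructed attacker input: closes the quoted literal, adds a condition that
// matches the admin row, then re-opens a literal so the trailing quote parses.
$payload = "nobody' OR is_admin = 1 OR username = '";

foreach (['guest', $payload] as $input) {
    $concat = array_column(lookup_user_vulnerable($db, $input), 'username');
    $bound  = array_column(lookup_user_fixed($db, $input), 'username');
    printf("input %-44s  concatenated: [%s]  bound: [%s]\n",
        var_export($input, true), implode(',', $concat), implode(',', $bound));
}
```

With the concatenated query the attacker string yields the admin account without knowing its name or password; the bound version looks for a user literally named `nobody' OR is_admin = 1 OR username = '` and returns nothing. The same rule covers the HTML and command-line cases Orthanc mentions: keep user data as data by handing it to an API that separates it from the code, rather than escaping it into the code string by hand.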
I think I meant exactly what I asked, dumbshit:
[quote]Besides, the forum code is "semi frozen," meaning I won't be adding new features, only bug fixes.[/quote]
So I asked if that held for just until after the Jan upgrade or ever, or when. Alpha answered it in exactly the way it was asked. Don't know why you felt you needed to get involved. Don't pretend "to be nice".
Actually, the highlighting one was a code execution vulnerability, at least as far as I understand it. And Orthanc described it better than I could have.
That's enough of that. If you and Pheezer have something you need to take care of, please do it privately.
Sorry, that was built up from reading snide comment after comment aimed at me from him, here in Monkey Den. I will go back to ignoring them, and hope he gives it up.
looking forward to january and thereafter though :^:
This doesn't have anything to do with that Font Size/Font Color highlighting bug, does it?
No, it has to do with searching.
I really miss the bug forum ((((
I didn't know about this one. That's nasty.
More about hashes please!
OH NOES!
Yeah, I know nothing about php.
similar to split, but without the regex
I don't understand Maori either.
CUZ THERE'S SOMETHING IN THE MIDDLE AND IT'S GIVING ME A RASH
http://secunia.com/advisories/13239/