URGENT... Critical update for phpbb2 2.0.12 that fixes 2 serious vulnerabilities which, among other things, allow an attacker to take over the forum's administrator rights… THANKS TO NERVIOZZO FOR THE HEADS-UP XD
The first issue is critical (session handling allowing everyone gaining
administrator rights) and we urge you to fix it on your forums as soon
as possible:
Open includes/sessions.php
Find:
Code:
    if( $sessiondata['autologinid'] == $auto_login_key )
Replace with:
Code:
    if( $sessiondata['autologinid'] === $auto_login_key )
A second minor issue reported to bugtraq several days ago was the
path disclosure bug in viewtopic.php which got fixed by applying the
following steps:
Open viewtopic.php
Find:
Code:
    $message = str_replace('\"', '"', substr(preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "preg_replace('#\b(" . $highlight_match . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));
Replace with:
Code:
    $message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . $highlight_match . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));
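Why the one-character change in includes/sessions.php matters, shown as an added example that is not phpBB code or part of the announcement: PHP's `==` coerces operands of different types before comparing, while `===` also requires the types to match. The function names, the sample key and the sample inputs are constructed for illustration, and the hardened variant assumes a current PHP version with `hash_equals()`.

```php
<?php
// Added illustration. Names and values are constructed; this is not phpBB code.

// Pre-patch style check: loose comparison, operands may be coerced.
function key_matches_loose($supplied, string $stored): bool
{
    return $supplied == $stored;
}

// Patched style check: value and type must both match.
function key_matches_strict($supplied, string $stored): bool
{
    return $supplied === $stored;
}

// Hardened variant for current PHP (assumption: hash_equals() is available).
// Rejects non-string input first, then compares in constant time.
function key_matches_hardened($supplied, string $stored): bool
{
    return is_string($supplied) && hash_equals($stored, $supplied);
}

$stored = 'c0ffee00c0ffee00c0ffee00c0ffee00'; // constructed sample key

// Constructed inputs standing in for a value decoded from client-supplied data.
$samples = [
    'same string'  => $stored,
    'wrong string' => 'not-the-key',
    'boolean true' => true,
    'null'         => null,
];

foreach ($samples as $label => $value) {
    printf(
        "%-13s loose=%-5s strict=%-5s hardened=%s\n",
        $label,
        var_export(key_matches_loose($value, $stored), true),
        var_export(key_matches_strict($value, $stored), true),
        var_export(key_matches_hardened($value, $stored), true)
    );
}
```

Only the loose check accepts an input that is not the stored string; the strict and hardened checks agree on every row.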





