lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <008501c38b7c$67059310$050010ac@rootserver>
Date: Sun, 5 Oct 2003 22:08:00 +0200
From: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh@...g-security.com>
To: "Bugtraq" <bugtraq@...urityfocus.com>, <full-disclosure@...ts.netsys.com>
Cc: "SecurityTracker" <bugs@...uritytracker.com>
Subject: Do not use the fix in lib-common.php . use in lib-security.php at /system/ dir


If you use the fix in your lib-common.php you will damage your geeklog
installation.
Use instead in lib-security.php ;-) at the [your geeklog core files , not
html]/system
Include the fix  after <?php tag.
----- THE FIX ----
foreach ($HTTP_GET_VARS as $secvalue) {
    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*span*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*h1*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*table*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*body*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*pre*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*em*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*input*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*td*\"?[^>]*>", $secvalue)) ||
 (eregi("<[^>]*option*\"?[^>]*>", $secvalue)) ||
 (eregi(";", $secvalue)) ||
 (eregi("'", $secvalue)) ||
 (eregi("ยด", $secvalue)) ||
 (eregi("`", $secvalue)) ||
(eregi("+", $secvalue)) ||
 (eregi("\"", $secvalue))) {
 die (";-) whereis lammer lammer: you");
    }
}
----- <<EOF -----

The advantage of this method is that all files of geeklog are using
lib-common.php and the lib-common.php script includes the code of
lib-security.php , al the things can be controlled by one script , thi is
more easy than edit all the independant files of the html dir and include
the fix.
Enjoy !
Regards,
------------------------------------------------------
Lorenzo Hernandez Garcia-Hierro
---       Security Consultant           ---
------------------NSRGroup-------------------
PGP: Keyfingerprint
D185 3555 8ECD 3921 6B21  ACC6 CEBB 2826 4B4C 283E
ID: 0x4B4C283E
Size: 4096
**********************************
NSRGroup
( No Secure Root Group Security Research Team ) /
( NovaPPC Security Research Group )
http://www.nsrg-security.com
______________________


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ