Message-ID: <40185E71.8060009@michealcottingham.com>
Date: Wed, 28 Jan 2004 20:14:25 -0500
From: Micheal Cottingham <micheal@...healcottingham.com>
To: bugtraq@...urityfocus.com
Subject: Re: Fw: phpBB privmsg.php XSS vulnerability patch.


I'm going to regret replying to this as many people seem to abuse 
autoresponders and I end up with 50+ emails saying so-and-so is out of 
the office ...

If you think you have found a security hole with phpBB, contact the 
security email address ... I assure you they won't bite your head off 
for notifying them, even if it turns out to be a false alarm.

International Veneer Co., Inc. wrote:

>----- Original Message ----- 
>From: "Shaun Colley" <shaunige@...oo.co.uk>
>To: <bugtraq@...urityfocus.com>
>Sent: Wednesday, January 28, 2004 10:39 AM
>Subject: phpBB privmsg.php XSS vulnerability patch.
>
>
>For those who have not yet installed the phpBB
>packages fixing the XSS vulnerability in privmsg.php
>documented at <http://www.securityfocus.com/bid/9290>
>and the groupcp.php vulnerability, or for those who do
>not want to download the new packages, the following
>patches can be quickly and easily applied to patch the
>vulnerabilities:
>
>
>---CUT---
>--- privmsg.php 2003-07-20 11:42:23.000000000 -0400
>+++ privmsg.1.php 2004-01-27 13:58:41.000000000 -0500
>@@ -58,6 +58,7 @@
> if ( isset($HTTP_POST_VARS['folder']) ||
>isset($HTTP_GET_VARS['folder']) )
> {
>  $folder = ( isset($HTTP_POST_VARS['folder']) ) ?
>$HTTP_POST_VARS['folder'] : $HTTP_GET_VARS['folder'];
>+$folder = htmlspecialchars($folder);
>
>  if ( $folder != 'inbox' && $folder != 'outbox' &&
>$folder != 'sentbox' && $folder != 'savebox' )
>  {
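
Review bot: the added $folder = htmlspecialchars($folder); line sits directly above a comparison that already limits $folder to 'inbox', 'outbox', 'sentbox' and 'savebox', so the escaping only matters if the body of that if block (not shown in this hunk) does not reset $folder to a fixed default. I would make the allow-list the fix: confirm that the block assigns a known folder name on mismatch, then drop the htmlspecialchars() call. The new line is also missing the leading indentation that the assignment above it uses.
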
>@@ -102,6 +103,7 @@
> if ( !empty($HTTP_POST_VARS['mode']) ||
>!empty($HTTP_GET_VARS['mode']) )
> {
>  $mode = ( !empty($HTTP_POST_VARS['mode']) ) ?
>$HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
>+ $mode = htmlspecialchars($mode);
> }
> else
> {
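
Review bot: $mode = htmlspecialchars($mode); encodes the value where it is read from the request, so every later use of $mode in privmsg.php sees the HTML-encoded string, and the change only helps where $mode is later written into HTML. If mode only ever takes a known set of values, compare it against that set here and fall back to a default, and call htmlspecialchars() at the point where the value is printed.
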
>---CUT---
>
>Apply the patch:
>
>patch privmsg.php phpbb2-xss.patch
>
>
>
>And:
>
>
>---CUT---
>--- groupcp.php 2004-01-27 15:14:46.000000000 -0500
>+++ groupcp.1.php 2004-01-27 15:11:10.000000000 -0500
>@@ -22,6 +22,7 @@
>
> define('IN_PHPBB', true);
> $phpbb_root_path = './';
>+$memberval = intval($members[$i]);
> include($phpbb_root_path . 'extension.inc');
> include($phpbb_root_path . 'common.'.$phpEx);
> mem
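
Review bot: $memberval = intval($members[$i]); is added at line 22, ahead of the two include() lines, where nothing in the visible context has assigned $members or $i; it runs once at script start and, with both unset, evaluates to intval() of an undefined value, which is 0. Remove this line and do the cast inside the for loop that the last hunk touches. The trailing context line "mem" also looks truncated, which may stop the hunk from applying.
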
>@@ -137,6 +138,7 @@
> if ( isset($HTTP_POST_VARS['mode']) ||
>isset($HTTP_GET_VARS['mode']) )
> {
>  $mode = ( isset($HTTP_POST_VARS['mode']) ) ?
>$HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
>+ $mode = htmlspecialchars($mode);
> }
> else
> {
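
Review bot: htmlspecialchars($mode) is called with its default flags, and in PHP before 8.1 the default is ENT_COMPAT, which encodes double quotes but leaves single quotes untouched, so a $mode value printed inside a single-quoted HTML attribute is still not neutralised. Pass ENT_QUOTES as the second argument, or better, check $mode against the modes groupcp.php accepts before using it.
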
>@@ -590,7 +592,7 @@
>  $sql_in = '';
>  for($i = 0; $i < count($members); $i++)
>  {
>- $sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) .
>$members[$i];
>+ $sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) .
>$memberval;
>  }
>
>  if ( isset($HTTP_POST_VARS['approve']) )
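
Review bot: the replacement line appends $memberval on every pass of the for loop, but nothing inside the loop reassigns it, so each element of $sql_in is the single value computed at the top of the file rather than the ID held in $members[$i], and the list built in $sql_in no longer reflects the submitted members. Cast per element instead: $sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . intval($members[$i]);
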
>---CUT---
>
>
>Apply the patch:
>
>patch groupcp.php phpbb2-groupcp.patch
>
>
>
>Applying the above patches will fix the phpBB2
>privmsg.php XSS vulnerability, and the input
>validation error vulnerability in the groupcp.php
>script.
>
>
>
>Thank you for your time.
>Shaun.
>


