Message-ID: <20070414183424.1462.qmail@securityfocus.com>
Date: 14 Apr 2007 18:34:24 -0000
From: Lostmon@...il.com
To: bugtraq@...urityfocus.com
Subject: Re: sitex multiple vulnerabilities
Hello!
Original article: http://lostmon.blogspot.com/2007/04/posible-patch-for-sitex.html
Vendor URL: http://sitex.bjsintay.com/
OSVDB ID: 33158, 33159, 33160, 33161
http://archives.neohapsis.com/archives/bugtraq/2007-02/0477.html
http://www.securityfocus.com/archive/1/archive/1/461305/100/0/threaded
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1234
After studying these vulns I found a simple possible patch:
Some other params are affected, like albumid upon submission to albun.php,
the username box upon submission to login.php, and multiple other params.
Most of those flaws could be solved by a simple "emergency" patch before the vendor
releases an update or a patch.
Open includes/functions.php
Around line 12-13 we have this code:
// - = - = - = - = - = - = - = - = -
// GLOBAL CODE
// - = - = - = - = - = - = - = - = -
// Convert post, get, and server variables for shorthand use and
// register globals compatibility
if (!empty($_POST)) foreach ($_POST as $k => $v) $$k = $v;
if (!empty($_GET)) foreach ($_GET as $k => $v) $$k = $v;
if (!empty($_SERVER)) foreach ($_SERVER as $k => $v) $$k = $v;
if (!empty($_COOKIE)) foreach ($_COOKIE as $k => $v) $$k = $v;
if (!empty($_SESSION)) foreach ($_SESSION as $k => $v) $$k = $v;
// Prevent PHP include vulnerability, initialize important vars, will be over-written
#################################################################
You can change it to this other one:
################################################################
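// StopXSS function to mitigate the possible XSS flaws
// use StopXSS(param or function)
function StopXSS($text){
    // Array values (e.g. fields named foo[] or nested session data) are filtered
    // element by element; strip_tags() only accepts strings
    if (is_array($text)) return array_map('StopXSS', $text);
    // Drop whole <script>...</script> blocks, then any remaining tags
    $text = preg_replace("/(\<script)(.*?)(script>)/si", "", $text);
    $text = strip_tags($text);
    // Remove quotes, angle brackets and backslashes that survived
    $text = str_replace(array("'","\"",">","<","\\"), "", $text);
    return $text;
}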
// - = - = - = - = - = - = - = - = -
// GLOBAL CODE
// - = - = - = - = - = - = - = - = -
// Convert post, get, and server variables for shorthand use and
// register globals compatibility
if (!empty($_POST)) foreach ($_POST as $k => $v) $$k = StopXSS($v);
if (!empty($_GET)) foreach ($_GET as $k => $v) $$k = StopXSS($v);
if (!empty($_SERVER)) foreach ($_SERVER as $k => $v) $$k = StopXSS($v);
if (!empty($_COOKIE)) foreach ($_COOKIE as $k => $v) $$k = StopXSS($v);
if (!empty($_SESSION)) foreach ($_SESSION as $k => $v) $$k = StopXSS($v);
// Prevent PHP include vulnerability, initialize important vars, will be over-written
#####################################################################
And most of the XSS flaws are now solved :D
Thnx for your time !!!
Thnx to OSVDB !!!
--
Sincerely:
Lostmon (lostmon@...il.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
Curiosity is what makes the mind move....
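
An added example (not part of the original message and not SiteX code): it runs a StopXSS() filter that follows the patch above over a few constructed input values, next to HTML-encoding at output time with htmlspecialchars(), to show what the emergency filter does to legitimate data such as names and passwords. The helper e() and the sample values are assumptions made for this illustration.

```php
<?php
// Added illustration. StopXSS() follows the emergency patch in the message;
// e() and every sample value below are constructed for this example.

function StopXSS($text) {
    if (is_array($text)) return array_map('StopXSS', $text);
    $text = preg_replace("/(\<script)(.*?)(script>)/si", "", $text);
    $text = strip_tags($text);
    $text = str_replace(array("'", "\"", ">", "<", "\\"), "", $text);
    return $text;
}

// Output-side alternative (hypothetical helper): leave the submitted value
// untouched and encode it only at the point where it is echoed into HTML.
function e($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs: a surname with an apostrophe, a password containing
// filtered characters, free text with comparison signs, and script markup.
$samples = array(
    'username' => "O'Brien",
    'password' => 'p"ss\\w<rd>1',
    'comment'  => 'if a < b then c > d',
    'markup'   => '<script>alert(1)</script>hello',
);

foreach ($samples as $name => $raw) {
    $stripped = StopXSS($raw);
    $note = ($stripped !== $raw) ? '   (input was altered)' : '';
    printf("%-9s raw:     %s\n", $name, $raw);
    printf("%-9s StopXSS: %s%s\n", '', $stripped, $note);
    printf("%-9s e():     %s\n\n", '', e($raw));
}
```

Because the patch filters every $_POST, $_GET, $_COOKIE, $_SERVER and $_SESSION value globally, the alterations shown for the name and password samples apply to login and profile data as well, which is worth testing before deploying the workaround.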