Daren (Junior)
Posted: 27 August 2002

Dennis,

Only 3 mins left on this library PC... No email for me this week so far. :(

One urgent thing.... make a backup of PrintPage.php and remove all the text in that file save the <? PHP > tags and maybe an echo line in the middle. Huge security hole that exposes all private forum msgs. I'll give you more detail about it when I get back if you don't already know about it.

I'll catch up with you Monday if not before!

Daren

zrski (Retired Mod)
Posted: 28 August 2002

OK Daren, I'll start on that right away.

HL-er from the very first hour (& proud of it)
follow me on twitter http://www.twitter.com/dhettema
fuk spelling mistakes

Daren (Junior, Author)
Posted: 2 September 2002

Here is more detail on that PrintPage.php bug that I promised. Note that the clanfusion.net links should no longer reveal the private messages since we patched the hole on that forum, but it should give you an example to go by if you want to try it on your forum or another.

Two YaBBSE bugs so far (if you've been following my thread on the FU board...)

Bug 1: Path disclosure. Not a very big deal in and of itself.

Example:
http://www.clanfusion.net/yabbse/Printpage.php?board=3;threadid=326sadfasdf

"Gibberish" in the query string will spit out an error page with the full path to Printpage.php.

Bug 2: ANY visitor (even "Guest") can read private messages. Trivial to exploit. Trivial to harvest an entire message board with a little coding skill.

I picked this particular thread due to a "feature/bug" in the YaBBSE stats. From the YaBBSE "Home," near the bottom of the screen, click the link that reads [More Stats]. By default, this can reveal private board names and private thread names if they make it into the Top 10 list. I hacked that on my message boards to require an is_admin() check before allowing it to execute.

*LOG OUT* of the Fusion YABBSE, and enter this URL:
http://www.clanfusion.net/yabbse/Printpage.php?threadid=366

The "authentic" URL for a legitimate member trying to do this is:
http://www.clanfusion.net/yabbse/Printpage.php?board=5;threadid=366

The "board=x;" is not necessary. You can use any board number or just eliminate that part of the URL entirely.

To harvest an entire message board, all you need to do is write a little program that will fetch threads in sequential order, which is trivial to do.

Fix: Apparently upgrade Printpage.php to 1.4.1. For the time being, I have replaced the entire contents of the file, on all my message boards, with this:

<?php echo "Function Temporarily Disabled"; ?>
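
The two checks that the bugs described in the post above call for, as an added example (not YaBB SE's code and not part of the thread): validate threadid without leaking error detail, and decide access from the board the thread belongs to rather than from the board= value in the URL. The sample data, print_thread() and can_read_board() are hypothetical.

```php
<?php
// Hypothetical model for illustration; not YaBB SE source code.
// Constructed sample data: board 3 is public, board 5 is private.
$boards  = [3 => ['private' => false], 5 => ['private' => true]];
$threads = [326 => ['board' => 3, 'body' => 'public thread'],
            366 => ['board' => 5, 'body' => 'private thread']];

// Hypothetical membership check: the user record lists readable boards.
function can_read_board(?array $user, int $boardId): bool
{
    return $user !== null && in_array($boardId, $user['boards'] ?? [], true);
}

// Returns [HTTP status, body]; $user is null for a guest.
function print_thread(array $query, ?array $user, array $boards, array $threads): array
{
    // Bug 1: accept only a plain positive integer and answer with a
    // generic message, so no error page with a file path is produced.
    $id = filter_var($query['threadid'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false || !isset($threads[$id])) {
        return [404, 'Thread not found'];
    }

    // Bug 2: take the board from the thread record, never from the
    // request, so omitting or changing "board=" cannot skip the check.
    $boardId = $threads[$id]['board'];
    if ($boards[$boardId]['private'] && !can_read_board($user, $boardId)) {
        // Same answer as a missing thread, so ids cannot be probed.
        return [404, 'Thread not found'];
    }
    return [200, $threads[$id]['body']];
}

$member = ['name' => 'member', 'boards' => [5]];
$cases = [
    'guest, no board param'    => [['threadid' => '366'], null],
    'guest, wrong board param' => [['board' => '3', 'threadid' => '366'], null],
    'member of board 5'        => [['board' => '5', 'threadid' => '366'], $member],
    'malformed thread id'      => [['threadid' => '326sadfasdf'], null],
    'guest, public thread'     => [['threadid' => '326'], null],
];
foreach ($cases as $label => [$query, $user]) {
    [$status, $body] = print_thread($query, $user, $boards, $threads);
    printf("%-26s -> %d %s\n", $label, $status, $body);
}
```

Only the member of board 5 and the guest reading the public thread receive a body; every other case gets the same generic 404.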