
No Email this week :(

Posted:

Daren

Dennis,

Only 3 mins left on this library PC... No email for me this week so far. :(

One urgent thing.... make a backup of PrintPage.php and remove all the text in that file save the <? PHP > tags and maybe an echo line in the middle. Huge security hole that exposes all private forum msgs. I'll give you more detail about it when I get back if you don't already know about it.

I'll catch up with you Monday if not before!

Daren

Featured Replies

Posted:

zrski

OK Daren,

I'll start on that right away.

HL member from day one (& proud of it)

follow me on twitter http://www.twitter.com/dhettema

fuk spelling misstakes

Posted:

Daren

  • Author

Here is more detail on that PrintPage.php bug that I promised. Note that the clanfusion.net links should no longer reveal the private messages since we patched the hole on that forum, but it should give you an example to go by if you want to try it on your forum or another.

  Quote
Two YaBBSE bugs so far (if you've been following my thread on the FU board...)

Bug 1: Path disclosure. Not a very big deal in and of itself.

Example: http://www.clanfusion.net/yabbse/Printpage.php?board=3;threadid=326sadfasdf

"Gibberish" in the query string will spit out an error page with the full path to Printpage.php.

Bug 2: ANY visitor (even "Guest") can read private messages. Trivial to exploit. Trivial to harvest an entire message board with a little coding skill.

I picked this particular thread due to a "feature/bug" in the YaBBSE stats. From the YaBBSE "Home," near the bottom of the screen, click the link that reads [More Stats]. By default, this can reveal private board names and private thread names if they make it into the Top 10 list. I hacked that on my message boards to require an is_admin() check before allowing it to execute.

*LOG OUT* of the Fusion YABBSE, and enter this URL:

http://www.clanfusion.net/yabbse/Printpage.php?threadid=366

The "authentic" URL for a legitimate member trying to do this is:

http://www.clanfusion.net/yabbse/Printpage.php?board=5;threadid=366

The "board=x;" is not necessary. You can use any board number or just eliminate that part of the URL entirely. To harvest an entire message board, all you need to do is write a little program that will fetch threads in sequential order, which is trivial to do.

Fix: Apparently upgrade Printpage.php to 1.4.1. For the time being, I have replaced the entire contents of the file, on all my message boards, with this:

<?php
echo "Function Temporarily Disabled";
?>

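As an added illustration of the two bugs discussed above (constructed example, not YaBBSE's code and not part of the thread): the vulnerable handler renders whatever thread `threadid` names, so the `board=x;` part of the URL is decorative, while the hardened handler takes the board from the thread record itself and checks the visitor's access to that board before rendering. The `$boards`, `$threads` and `$members` arrays are stand-ins for the forum database, and `parse_threadid` rejects the non-numeric input that produced the path-disclosing error page.

```php
<?php
// Constructed stand-ins for the forum database (not YaBBSE's real schema).
$boards  = [3 => ['private' => false], 5 => ['private' => true]];
$threads = [326 => ['board' => 3, 'subject' => 'Public thread'],
            366 => ['board' => 5, 'subject' => 'Private thread']];
$members = ['dennis' => ['boards' => [3, 5]], 'guest' => ['boards' => []]];

// Vulnerable shape: the thread is looked up by id and rendered with no access
// check at all. Nothing here consults the board, which is why "board=x;" in
// the URL can be anything or omitted, and a logged-out visitor still gets the thread.
function print_page_vulnerable(array $threads, int $threadid): ?string {
    return $threads[$threadid]['subject'] ?? null;
}

// A visitor may see a board if it is public or if their membership lists it.
function can_view_board(array $boards, array $members, string $user, int $board): bool {
    if (!isset($boards[$board])) return false;
    if (!$boards[$board]['private']) return true;
    return in_array($board, $members[$user]['boards'] ?? [], true);
}

// Hardened shape: the board is derived from the thread record, never from the
// request, and the access check runs before anything about the thread is emitted.
// An unknown thread and a forbidden thread both yield the same empty result, so
// the response does not confirm which private thread ids exist.
function print_page_hardened(array $boards, array $threads, array $members,
                             string $user, int $threadid): ?string {
    if (!isset($threads[$threadid])) return null;
    $board = $threads[$threadid]['board'];
    if (!can_view_board($boards, $members, $user, $board)) return null;
    return $threads[$threadid]['subject'];
}

// Bug 1: validate the query parameter before it reaches any database or file code,
// so "threadid=326sadfasdf" is refused here instead of triggering a PHP error page
// that prints the script's full path.
function parse_threadid(string $raw): ?int {
    return ctype_digit($raw) ? (int)$raw : null;
}

// Constructed requests: a logged-out visitor and a member asking for thread 366.
$tid = parse_threadid('366');
echo "vulnerable, guest:  ", var_export(print_page_vulnerable($threads, $tid), true), "\n";
echo "hardened, guest:    ", var_export(print_page_hardened($boards, $threads, $members, 'guest', $tid), true), "\n";
echo "hardened, dennis:   ", var_export(print_page_hardened($boards, $threads, $members, 'dennis', $tid), true), "\n";
echo "malformed threadid: ", var_export(parse_threadid('326sadfasdf'), true), "\n";
```

In a real deployment the path-disclosure half also needs `display_errors` turned off in production so that any remaining error is logged rather than shown to the visitor.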

This topic is now closed for new replies.