on 8/3/01 12:51 PM, kill-9at_private (kill-9at_private) wrote:

> found by: kill-9at_private
> http://www.modernhacker.com

I don't know whether or not kill-9 notified anyone about his exploit before
posting. He also didn't mention a fix for the problem.

One fix can be found at:

<http://www.game-mods.com/prefs.php.txt>

I didn't write the code but saw it on the phpBB support forum. Please note
there is a slight typo in the file. The correct lines to add around line 51
in prefs.php are:

    $fviewemail = str_replace('=','',$viewemail);
    $fthemes = str_replace('=','',$themes);
    $fsig = str_replace('=','',$tsig);
    $fsmile = str_replace('=','',$smile);
    $fdishtml = str_replace('=','',$dishtml);
    $fdisbbcode = str_replace('=','',$disbbcode);
    $flang = str_replace('=','',$lang);

    $sql = "UPDATE users SET user_viewemail='$fviewemail', user_theme='$fthemes', user_attachsig = '$fsig', user_desmile = '$fsmile', user_html = '$fdishtml', user_bbcode = '$fdisbbcode', user_lang = '$flang' WHERE (user_id = '$userdata[user_id]')";

There may be other bugs in the code in other files that can be exploited in
a similar fashion, but this resolves one immediate threat.

Another user named mmj on the boards mentioned:

> Removing the = signs in all the variables is one solution. Using addslashes()
> on all the variables is an alternative solution.

Hope that helps.

Sincerely,

Paul Burney

+-------------------------+---------------------------------+
| Paul Burney             | P: 310.825.8365                 |
| Webmaster && Programmer | E: <webmasterat_private>        |
| UCLA -> GSE&IS -> ETU   | W: <http://www.gseis.ucla.edu/> |
+-------------------------+---------------------------------+
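Added example, not part of the original post and not phpBB's own code: the same prefs UPDATE written with bound parameters and typed or allowlisted inputs, so that quotes and `=` in a submitted value cannot alter the statement. It assumes PHP 7.4+ with pdo_sqlite; the `update_prefs` helper, the in-memory table, the language list and the sample input are constructed for illustration, while the column and field names are taken from the post.

```php
<?php
// Added illustration: the prefs UPDATE from the post, rewritten with bound
// parameters. The table is a constructed stand-in holding only the columns
// named in the post.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (
    user_id INTEGER PRIMARY KEY, user_viewemail INTEGER, user_theme INTEGER,
    user_attachsig INTEGER, user_desmile INTEGER, user_html INTEGER,
    user_bbcode INTEGER, user_lang TEXT)");
$pdo->exec("INSERT INTO users VALUES
    (1,0,1,0,0,0,0,'english'), (2,0,1,0,0,0,0,'english')");

// Hypothetical helper: update one user's preferences from request fields.
function update_prefs(PDO $pdo, int $userId, array $in): int
{
    // Flags are forced to 0/1 and the theme to an integer, so no text from
    // the request reaches those columns at all.
    $flag = fn($k) => empty($in[$k]) ? 0 : 1;
    // Language is checked against an allowlist (constructed values).
    $lang = in_array($in['lang'] ?? '', ['english', 'german', 'french'], true)
        ? $in['lang'] : 'english';
    $stmt = $pdo->prepare(
        "UPDATE users SET user_viewemail = :viewemail, user_theme = :theme,
            user_attachsig = :sig, user_desmile = :smile, user_html = :html,
            user_bbcode = :bbcode, user_lang = :lang
         WHERE user_id = :id");
    $stmt->execute([
        ':viewemail' => $flag('viewemail'),
        ':theme'     => (int)($in['themes'] ?? 1),
        ':sig'       => $flag('tsig'),
        ':smile'     => $flag('smile'),
        ':html'      => $flag('dishtml'),
        ':bbcode'    => $flag('disbbcode'),
        ':lang'      => $lang,
        ':id'        => $userId,
    ]);
    return $stmt->rowCount();   // number of rows the UPDATE touched
}

// Constructed input: values containing a quote and '=' are handled as data.
$changed = update_prefs($pdo, 1,
    ['viewemail' => '1', 'themes' => "3' = 3", 'lang' => "eng'lish="]);
echo "rows changed: $changed\n";
// Dump both rows so the effect on user 1 and on the untouched user 2 is visible.
print_r($pdo->query("SELECT * FROM users ORDER BY user_id")
            ->fetchAll(PDO::FETCH_ASSOC));
```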
This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 15:35:45 PDT