Security Patch for PortailPHP 0.99

From: vALDEUxat_private
Date: Thu Nov 28 2002 - 09:50:50 PST


    PRODUCT :   PORTAILPHP
            http://www.yoopla.net/portailphp/
            A nice PHP CMS
    
    PROBLEM :   XSS
            SQL INJECTION
            in /mod_search/index.php
            read it for more details :)
    
    SOLUTION :  Download patch from http://www.phpsecure.org
            or manually add these lines at the beginning of /mod_search/index.php :
                    /* XSS AND SQL HOLES PATCHED BY WWW.PHPSECURE.ORG */
                    $rech = str_replace("'",'',$rech);          // protection against SQL injection
                    $BD_Tab_docs = str_replace('`','',$BD_Tab_docs);    // same
                    $BD_Tab_file = str_replace('`','',$BD_Tab_file);    // same
                    $BD_Tab_liens = str_replace('`','',$BD_Tab_liens);  // same
                    $BD_Tab_faq = str_replace('`','',$BD_Tab_faq);      // same
                    $chemin = htmlentities($chemin);            // protection against XSS
                    $App_Theme = htmlentities($App_Theme);          // same
                    $Rub_Search = htmlentities($Rub_Search);        // same
                    $Rub_News = htmlentities($Rub_News);            // same
                    $Rub_File = htmlentities($Rub_File);            // same
                    $Rub_Liens = htmlentities($Rub_Liens);          // same
                    $Rub_Faq = htmlentities($Rub_Faq);          // same
                    /* END OF SECURITY PATCH */
            or wait for an official release ... at your own risk.
    
    CREDITS :   http://www.phpsecure.org :)
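
The patch above works by deleting characters, so a search for O'Reilly becomes OReilly, and before PHP 8.1 htmlentities() with default flags leaves single quotes unencoded. The following is an added example, not code from PortailPHP or phpsecure.org, showing the same three protections done with an allowlist, a bound parameter and ENT_QUOTES; the table names, the title column, the sample rows and the helper names are assumptions, and it needs the pdo_sqlite extension.

```php
<?php
// Added example, not PortailPHP code. Table/column names and rows are constructed.
declare(strict_types=1);

/** Accept only known table names instead of stripping backticks from the input. */
function safe_table(string $name, array $allowed): string
{
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException('unexpected table name');
    }
    return '`' . $name . '`';
}

/** Bind the search term as a parameter; quotes in it stay data and are not removed. */
function search_titles(PDO $db, string $table, string $rech): array
{
    $tbl = safe_table($table, ['docs', 'file', 'liens', 'faq']);
    // Escape LIKE wildcards with '!' so the term is matched literally.
    $term = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $rech) . '%';
    $stmt = $db->prepare("SELECT title FROM $tbl WHERE title LIKE :q ESCAPE '!'");
    $stmt->execute([':q' => $term]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

/** Encode for HTML output, including single quotes (attribute context). */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed data in an in-memory SQLite database (assumes the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE docs (title TEXT)');
$db->exec("INSERT INTO docs VALUES ('O''Reilly PHP guide'), ('<b>100% PHP</b>')");

foreach (["O'Reilly", '100%'] as $rech) {          // constructed search terms
    foreach (search_titles($db, 'docs', $rech) as $title) {
        echo h($rech), ' => ', h($title), "\n";
    }
}

try {
    search_titles($db, 'no_such_table', 'x');      // not in the allowlist
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```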
    



    This archive was generated by hypermail 2b30 : Sat Nov 30 2002 - 12:12:20 PST