NukeCops
PHP Security Breach - Important
Security
Tonino47 writes "As per article/recommendation at codezwiz.com
I urge all our users to make the following change to viewtopic.php (Forum module) as a matter of urgency. Open viewtopic.php in any text editor. Find the following section of code:

//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
    // Split words and phrases
    $words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));
    for($i = 0; $i < sizeof($words); $i++)
    {

and replace with:

//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
    // Split words and phrases
    $words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));
    for($i = 0; $i < sizeof($words); $i++)
    {

Note: Please inform as many people as possible about this issue. If you're a hosting provider please inform your customers if possible. Else we advise you implement some level of additional security if you run ensim or have PHP running cgi under suexec, etc."
Posted on Monday, December 06 @ 14:16:33 CET by VinDSL
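
One way to confirm the edit was applied, as an added example that is not part of the original post or of phpBB/PHP-Nuke: the script finds the active line that builds $words from the highlight parameter and reports whether urldecode() is still in it. The function names and the demo directory layout are assumptions, and this is a text check on the file, not a test of the running forum.

```shell
#!/bin/sh
# Added example (not phpBB or PHP-Nuke code): report whether viewtopic.php still
# passes the highlight parameter through urldecode(), the call the post removes.

# check_highlight_fix FILE -> prints patched | unpatched | not-found
# Exit status: 0 patched, 1 unpatched, 2 line not found or file unreadable.
check_highlight_fix() {
    [ -r "$1" ] || { echo "not-found"; return 2; }
    # Active (not commented-out) lines that split the highlight value into words.
    hits=$(grep -E "explode[[:space:]]*\(.*HTTP_GET_VARS\[['\"]highlight['\"]\]" "$1" |
           grep -Ev '^[[:space:]]*(//|#)') || hits=
    [ -n "$hits" ] || { echo "not-found"; return 2; }
    if printf '%s\n' "$hits" | grep -Eq 'urldecode[[:space:]]*\('; then
        echo "unpatched"; return 1
    fi
    echo "patched"
}

# scan_tree DIR -> "status<TAB>path" for every viewtopic.php under DIR.
# Exit status 1 if any copy is unpatched (for hosts checking many sites).
scan_tree() {
    find "$1" -type f -name viewtopic.php | (
        rc=0
        while IFS= read -r f; do
            status=$(check_highlight_fix "$f") || true
            case $status in unpatched) rc=1 ;; esac
            printf '%s\t%s\n' "$status" "$f"
        done
        exit "$rc"
    )
}

# Demo on constructed files holding the post's "find" and "replace with" lines.
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/site_a" "$d/site_b"
    printf '%s\n' "\$words = explode(' ', trim(htmlspecialchars(urldecode(\$HTTP_GET_VARS['highlight']))));" > "$d/site_a/viewtopic.php"
    printf '%s\n' "\$words = explode(' ', trim(htmlspecialchars(\$HTTP_GET_VARS['highlight'])));" > "$d/site_b/viewtopic.php"
    scan_tree "$d" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}

# With a directory argument scan it; with none, run the demo (which reports
# site_a as unpatched and site_b as patched).
if [ "$#" -gt 0 ]; then scan_tree "$1"; else demo || true; fi
```

Run it with the web root as the only argument to list every copy of viewtopic.php under that directory with its status.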
 
Re: PHP Security Breach - Important (Score: 1)
by phantomk on Monday, December 06 @ 21:37:57 CET
How many times are ppl going to post the same thing? Yes, it's important, but I have seen this same topic at least 3 times on nukecops.com



Re: PHP Security Breach - Important (Score: 1)
by checksum on Monday, December 06 @ 22:43:42 CET
Thank you for your post.

Not everyone can see it the first time or the second time...



Re: PHP Security Breach - Important (Score: 1)
by springmill on Tuesday, December 07 @ 08:44:14 CET
Thanks,

This was the first time I had seen this and I made the code changes last evening. In my particular case I did not have an ending } in my code so I chose not to include the one in your code to stay consistent. Can you tell me how to test that bit of code to make sure my changes were correct?

Kind Regards,
Greg McABee



Re: PHP Security Breach - Important (Score: 1)
by whitebox on Tuesday, December 07 @ 13:00:30 CET
http://www.phpcusa.com
I did change that code and now I can't view my forums :-(



Re: PHP Security Breach - Important (Score: 1)
by kjcdude on Tuesday, December 07 @ 19:54:41 CET
http://kyle.theocsucks.com
What versions of phpBB does this affect?

