Big bug in phpBB

CrazyMouse

Please read this URL:

http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240513

Open viewtopic.php in any text editor. Find the following section:
PHP:
// 
// Was a highlight request part of the URI? 
// 
$highlight_match = $highlight = ''; 
if (isset($HTTP_GET_VARS['highlight'])) 
{ 
   // Split words and phrases 
   $words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight'])))); 

   for($i = 0; $i < sizeof($words); $i++) 
   {
and replace with:

PHP:
// 
// Was a highlight request part of the URI? 
// 
$highlight_match = $highlight = ''; 
if (isset($HTTP_GET_VARS['highlight'])) 
{ 
   // Split words and phrases 
   $words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight']))); 

   for($i = 0; $i < sizeof($words); $i++) 
   {


Please inform as many people as possible about this issue. If you're a hosting provider, please inform your customers if possible. Otherwise, we advise you to implement some level of additional security if you run Ensim or have PHP running as CGI under suexec, etc.
 

vandal

This is really huge; you can run system commands. Make sure your users update this ASAP, or I would check myself just to be sure.
 

vandal

Some people rename their forums.

I would include a few other words:
# locate -i forum
# locate -i forums
# locate -i phpBB2
# locate -i boards
# locate -i messageboard

Something like that.
 

vandal

Actually, just search for a file you know phpBB uses, also the one that needs patching.

# locate -i viewtopic.php
 

l0rdphi1

Code:
perl -pi -e 's/(.words = explode.. ., trim.htmlspecialchars.)urldecode.(.HTTP_GET_VARS..highlight.....)./$1$2/' viewtopic.php
Haven't tested, but that should patch viewtopic.php for you :)

Phi1.
 

nobaloney

vandal said:
Some people rename their forums.

I would include a few other words:
# locate -i forum
# locate -i forums
# locate -i phpBB2
# locate -i boards
# locate -i messageboard

Something like that.

I doubt people rename the images built into phpBB, which is what my command finds.

I suppose they could, however.

Note that locate -i phpBB2 is redundant; phpBB2 would be found by locate -i phpbb.

Jeff
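
An added example, not part of any post in this thread: a shell helper that does in one pass what the posts above do by hand, finding every viewtopic.php under a directory and reporting whether it still contains the unpatched highlight line from the first post. The function names, the use of find in place of locate, and the constructed sample tree are assumptions of this example.

```shell
#!/bin/sh
# Added example: report which viewtopic.php copies under a directory still
# carry the urldecode() call on the highlight line quoted in the first post.

# Fixed strings taken from the "find" and "replace with" snippets in the thread.
UNPATCHED="htmlspecialchars(urldecode(\$HTTP_GET_VARS['highlight']))"
PATCHED="htmlspecialchars(\$HTTP_GET_VARS['highlight'])"

# check_file FILE -> prints VULNERABLE, PATCHED or UNKNOWN
check_file() {
    if grep -qF -- "$UNPATCHED" "$1"; then
        echo VULNERABLE
    elif grep -qF -- "$PATCHED" "$1"; then
        echo PATCHED
    else
        # Neither line present: a modified board or an unrelated file of that name.
        echo UNKNOWN
    fi
}

# scan_tree DIR -> one "STATUS<TAB>path" line per viewtopic.php found.
# find is used instead of locate so the result does not depend on how
# recently the locate database was rebuilt (assumption of this example).
scan_tree() {
    find "$1" -type f -iname 'viewtopic.php' 2>/dev/null | sort |
    while IFS= read -r f; do
        printf '%s\t%s\n' "$(check_file "$f")" "$f"
    done
}

# make_sample DIR -> constructed sample tree: one unpatched copy, one patched
# copy, and one unrelated file that only shares the name.
make_sample() {
    mkdir -p "$1/forum" "$1/boards" "$1/other"
    printf '%s\n' "   \$words = explode(' ', trim($UNPATCHED));" > "$1/forum/viewtopic.php"
    printf '%s\n' "   \$words = explode(' ', trim($PATCHED));" > "$1/boards/viewtopic.php"
    printf '%s\n' '<?php echo "hello"; ?>' > "$1/other/ViewTopic.php"
}

# Usage: sh audit.sh /home   (scans only when a directory is given)
if [ "$#" -gt 0 ]; then
    scan_tree "$1"
fi
```

Files reported as UNKNOWN need a manual look, since a board with local modifications to that line matches neither string.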
 