Big bug in phpBB

CrazyMouse (Verified User, joined Jul 24, 2004, The Netherlands)
Please read this URL:

http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240513

Open viewtopic.php in any text editor. Find the following section:
PHP:
// 
// Was a highlight request part of the URI? 
// 
$highlight_match = $highlight = ''; 
if (isset($HTTP_GET_VARS['highlight'])) 
{ 
   // Split words and phrases 
   $words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight'])))); 

   for($i = 0; $i < sizeof($words); $i++) 
   {

and replace it with:

PHP:
// 
// Was a highlight request part of the URI? 
// 
$highlight_match = $highlight = ''; 
if (isset($HTTP_GET_VARS['highlight'])) 
{ 
   // Split words and phrases 
   $words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight']))); 

   for($i = 0; $i < sizeof($words); $i++) 
   {

Please inform as many people as possible about this issue. If you're a hosting provider, please inform your customers if possible. Otherwise, we advise that you implement some level of additional security if you run Ensim or have PHP running as CGI under suexec, etc.
 
This is really huge; you can run system commands. Make sure your users update this ASAP, or I would check myself just to be sure.
 
Some people rename their forums.

I would include a few other words:
# locate -i forum
# locate -i forums
# locate -i phpBB2
# locate -i boards
# locate -i messageboard

Something like that.
 
Actually, just search for a file you know phpBB uses, which is also the one that needs patching:

# locate -i viewtopic.php
 
Code:
perl -pi -e 's/(.words = explode.. ., trim.htmlspecialchars.)urldecode.(.HTTP_GET_VARS..highlight.....)./$1$2/' viewtopic.php
Haven't tested, but that should patch viewtopic.php for you :)

Phi1.
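As an added example that is not from this thread or from phpBB itself: a small POSIX sh script that combines the two steps discussed above, finding viewtopic.php files (find(1) standing in for locate) and reporting whether each still carries the extra urldecode() call, then optionally removing it in place with a .bak copy kept. The edit it makes is the same one CrazyMouse's manual replacement and Phi1's perl one-liner make. The default search root (/home), the --patch flag and the status names are assumptions of this example; check_status reports "unknown" for a file that has neither form, for instance a different phpBB version, so it never rewrites a line it does not recognise.

```shell
#!/bin/sh
# Added example, not code from the thread: locate phpBB viewtopic.php files,
# report whether each still has the extra urldecode() call, and optionally
# remove it the way the thread's manual edit does (a .bak copy is kept).

# The unpatched form the thread says to change, and its patched form.
VULN_MARK='htmlspecialchars(urldecode($HTTP_GET_VARS'
FIXED_MARK="htmlspecialchars(\$HTTP_GET_VARS['highlight'])"

# Find candidate files under a root directory (assumed default: /home).
# This is the find(1) equivalent of the thread's "locate -i viewtopic.php".
find_viewtopics() {
    find "${1:-/home}" -type f -name viewtopic.php 2>/dev/null
}

# Print one of: vulnerable, patched, unknown (file has neither form, e.g. a
# different phpBB version or a locally modified install).
check_status() {
    if grep -qF "$VULN_MARK" "$1"; then
        echo vulnerable
    elif grep -qF "$FIXED_MARK" "$1"; then
        echo patched
    else
        echo unknown
    fi
}

# Rewrite htmlspecialchars(urldecode($HTTP_GET_VARS[...])) to
# htmlspecialchars($HTTP_GET_VARS[...]) in place, keeping FILE.bak.
# Only the bracket contents are captured, so the closing paren of
# urldecode() is dropped and every other paren on the line is kept.
patch_file() {
    cp "$1" "$1.bak" || return 1
    sed 's/htmlspecialchars(urldecode(\$HTTP_GET_VARS\(\[[^]]*]\)))/htmlspecialchars($HTTP_GET_VARS\1)/' \
        "$1.bak" > "$1"
}

# Usage: sh check_phpbb.sh [--patch] file...
# e.g.:  sh check_phpbb.sh --patch $(find_viewtopics /home)   (assumed invocation)
if [ "$1" = "--patch" ]; then
    do_patch=1
    shift
else
    do_patch=0
fi
for f in "$@"; do
    status=$(check_status "$f")
    echo "$status: $f"
    if [ "$status" = vulnerable ] && [ "$do_patch" = 1 ]; then
        patch_file "$f" && echo "patched: $f (backup in $f.bak)"
    fi
done
```

Without --patch the script only reports, so it can be run first across every account to get an inventory, and a second time with --patch once the backups are acceptable; the .bak file makes it easy to diff exactly one line changed.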
 
vandal said:
Some people rename their forums.

I would include a few other words:
# locate -i forum
# locate -i forums
# locate -i phpBB2
# locate -i boards
# locate -i messageboard

Something like that.
I doubt people rename the images built into phpBB, which is what my command finds.

I suppose they could, however.

Note that locate -i phpBB2 is redundant; phpBB2 would be found by locate -i phpbb.

Jeff
 