Bugs and vulnerability notes for linux-sottises software
There is a mailing list, SoftSottises,
for receiving news about updates and new software.
board-tnk
March 15 2002: Security vulnerability in 1.3.0 (and earlier)
Cross-site scripting vulnerability found by Ahmet Sabri ALPER from
www.olympos.org
SORRY!!! :(((
Please upgrade from 1.3.0 (or earlier) to 1.3.1
Description
THE VULNERABILITY HAS BEEN CORRECTED IN 1.3.1, EVEN IF VISITORS ALREADY
POSTED MESSAGES WITH THE VULNERABILITY. SO IF YOU UPGRADE TO 1.3.1,
THERE SHOULD NOT BE ANY PROBLEMS, EVEN IF YOU
DO NOT CHECK OR DELETE BAD MESSAGES!!
The vulnerability appears in the web information that a visitor can post.
If you want to check whether some of your visitors used the vulnerability, check the web information
which is stored in the MySQL tables of board-tnk in the "web" field (with phpMyAdmin for example).
If you see "strange" values (like scripts or other things which are not URLs)
in this field, you can just delete the web field value (if you do not delete them, the script
will "clean" the URL before using it...)
If you have any questions on the subject, feel free to email me at tnka@linux-sottises.net,
I will help you.
If you have made your own modifications to the script, here are the very small modifications to
make to board.php (php4) or to board.php3 (php3), so that you do not have to redo all your
work:
Replace:
    // add http:// to webpost if web_post is given
    if($web_post){
        $web_post="http://".$web_post;
    }
by:
    // add http:// to webpost if web_post is given
    if($web_post){
        //security issue found by Ahmet Sabri ALPER
        $web_post=strip_tags($web_post);
        // end of security issue
        $web_post="http://".$web_post;
    }
And replace
by:
    $web=$row["web"];
    $web=strip_tags($web);
news-tnk
March 15 2002: Security vulnerability found in 1.2.1 (and earlier)
Please upgrade to 1.2.2!! SORRY!!! :(((
Description
THE VULNERABILITY HAS BEEN CORRECTED IN 1.2.2, EVEN IF VISITORS ALREADY
POSTED MESSAGES WITH THE VULNERABILITY. SO IF YOU UPGRADE TO 1.2.2,
THERE SHOULD NOT BE ANY PROBLEMS, EVEN IF YOU
DO NOT CHECK OR DELETE BAD MESSAGES!!
The vulnerability appears in the web information that a visitor can post.
If you want to check whether some of your visitors used the vulnerability, check the web information
which is stored in the MySQL news_list table of news-tnk in the "web" field (with phpMyAdmin for example).
If you see "strange" values (like scripts or other things which are not URLs)
in this field, you can just delete the web field value (if you do not delete them, the script
will "clean" the URL before using it...)
If you have any questions on the subject, feel free to email me at tnka@linux-sottises.net,
I will help you.
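One way to run the check described above (here and in the board-tnk section) over rows taken from the table that holds the "web" field, as an added example that is not part of board-tnk or news-tnk: it flags values that strip_tags() would change and values that are not plain http/https URLs. The function names, the "id" column and the sample rows are assumptions made for the illustration.

```php
<?php
// Added example. Classify one stored "web" value:
// "empty", "ok", "tags" (strip_tags() would change it) or "not-url".
function audit_web_value($web)
{
    $web = trim((string) $web);
    if ($web === '') {
        return 'empty';
    }
    // The fixed releases run strip_tags() on this field, so a value that
    // strip_tags() alters contained markup.
    if (strip_tags($web) !== $web) {
        return 'tags';
    }
    // "Other things which are not urls": require an http/https scheme and a
    // host, and reject quotes, angle brackets, whitespace and control bytes.
    $parts = parse_url($web);
    if ($parts === false
        || !isset($parts['scheme'], $parts['host'])
        || !in_array(strtolower($parts['scheme']), array('http', 'https'), true)
        || preg_match('/[\s"\'<>\x00-\x1f]/', $web)) {
        return 'not-url';
    }
    return 'ok';
}

// Return the rows whose "web" value deserves a manual look.
function audit_rows(array $rows)
{
    $flagged = array();
    foreach ($rows as $row) {
        $web = isset($row['web']) ? $row['web'] : '';
        $verdict = audit_web_value($web);
        if ($verdict === 'tags' || $verdict === 'not-url') {
            $flagged[] = array('id' => $row['id'], 'verdict' => $verdict, 'web' => $web);
        }
    }
    return $flagged;
}
// Constructed sample rows; the "id" column is an assumption.
$rows = array(
    array('id' => 1, 'web' => 'http://www.example.org/'),
    array('id' => 2, 'web' => 'http://<script>/* constructed */</script>'),
    array('id' => 3, 'web' => 'http://not a url'),
);
foreach (audit_rows($rows) as $hit) {
    // Escape before printing so the report is safe to open in a browser.
    echo $hit['id'], "\t", $hit['verdict'], "\t", htmlspecialchars($hit['web'], ENT_QUOTES), "\n";
}
```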
If you made your own modifications to the script, here are the very small modifications
to make so that you do not have to redo all your work:
in news_post.php (or news_post.php3):
add:
just after the comment:
in news_admin.php (or news_admin.php3), replace:
by:
    $webx=$news["web"];
    $webx=strip_tags($webx);
and replace:
by:
    $web=$news["web"];
    $web=strip_tags($web);
and finally, in include/news_show.php (or include/news_show.php3), change:
by:
    $webx=$news["web"];
    $webx=strip_tags($webx);