From: Paul Burney (burney gseis.ucla.edu)
Date: Fri Aug 03 2001 - 17:01:36 CDT

on 8/3/01 12:51 PM, kill-9 modernhackers.com (kill-9 modernhackers.com) wrote:

> found by: kill-9 modernhacker.com
> http://www.modernhacker.com

I don't know whether or not kill-9 notified anyone about his exploit before
posting. He also didn't mention a fix for the problem. One fix can be
found at:
<http://www.game-mods.com/prefs.php.txt>
I didn't write the code but saw it on the phpBB support forum.
Please note there is a slight typo in the file. The correct lines to add
around line 51 in prefs.php are:

$fviewemail = str_replace('=','',$viewemail);
$fthemes = str_replace('=','',$themes);
$fsig = str_replace('=','',$tsig);
$fsmile = str_replace('=','',$smile);
$fdishtml = str_replace('=','',$dishtml);
$fdisbbcode = str_replace('=','',$disbbcode);
$flang = str_replace('=','',$lang);
$sql = "UPDATE users SET user_viewemail='$fviewemail',
user_theme='$fthemes', user_attachsig = '$fsig', user_desmile = '$fsmile',
user_html = '$fdishtml', user_bbcode = '$fdisbbcode', user_lang = '$flang'
WHERE (user_id = '$userdata[user_id]')";

There may be other bugs in the code in other files that can be exploited in
a similar fashion, but this resolves one immediate threat.
Another user named mmj on the boards mentioned:
> Removing the = signs in all the variables is one solution. Using addslashes()
> on all the variables is an alternative solution.
Hope that helps.
Sincerely,
Paul Burney
+-------------------------+---------------------------------+
| Paul Burney | P: 310.825.8365 |
| Webmaster && Programmer | E: <webmaster gseis.ucla.edu> |
| UCLA -> GSE&IS -> ETU | W: <http://www.gseis.ucla.edu/> |
+-------------------------+---------------------------------+
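
Added example, not part of the message above and not phpBB's own code: the two mitigations named in the thread (stripping '=' and addslashes()) applied to one constructed value, beside a bound-parameter UPDATE of the same column. The sample value, the build_update() helper, and the use of PDO with an in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example. The column names follow the UPDATE quoted in the mail;
// everything else (helper, sample value, SQLite database) is constructed.

// Hypothetical helper: builds the statement the way prefs.php does,
// by interpolating the value straight into the SQL text.
function build_update(string $value, int $userId): string {
    return "UPDATE users SET user_lang = '$value' WHERE (user_id = '$userId')";
}

$lang = "en'g=lish";   // constructed input: contains one quote and one '='

// 1) The prefs.php change from the mail: remove '=' and nothing else.
$stripped = str_replace('=', '', $lang);

// 2) mmj's alternative: addslashes(), i.e. backslash escaping as MySQL reads it.
$slashed = addslashes($lang);

// Compare what each approach puts into the SQL text.
echo build_update($stripped, 2), "\n";  // the quote character is left untouched
echo build_update($slashed, 2), "\n";   // the quote is escaped, the '=' is kept

// 3) Bound parameters: the value travels separately from the SQL text.
//    Assumption: PHP built with PDO and the pdo_sqlite driver.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_lang TEXT)");
$db->exec("INSERT INTO users (user_id, user_lang) VALUES (2, 'english')");

$stmt = $db->prepare("UPDATE users SET user_lang = :lang WHERE user_id = :id");
$stmt->execute([':lang' => $lang, ':id' => 2]);

// Read the row back: the stored value is compared with the original input.
$stored = $db->query("SELECT user_lang FROM users WHERE user_id = 2")->fetchColumn();
var_dump($stored === $lang);
```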