Nuke Cops :: View topic - another hole in phpBB 2.08??
Doodle
Premium
Joined: Sep 13, 2003
Posts: 50
Posted: Fri Mar 26, 2004 11:22 am

I just upgraded to 2.08 and I read this post already:

http://www.securityfocus.com/archive/1/358708

_________________
Doodle
Independent Network Solutions
webmaster@indnet.ca
genoxide
Sergeant
Joined: Jun 19, 2003
Posts: 80
Posted: Sat Mar 27, 2004 1:34 am

If you use the protector system you don't have to worry about this since it's protecting the 'UNION' exploit.
But yes this must be fixed :/

genoxide
Sergeant
Joined: Jun 19, 2003
Posts: 80
Posted: Sat Mar 27, 2004 1:42 am

a fix for phpbb was posted over here ;)


Last edited by genoxide on Sun Mar 28, 2004 7:39 am; edited 1 time in total
Waldo
Nuke Soldier
Joined: Mar 16, 2004
Posts: 24
Posted: Sat Mar 27, 2004 6:57 pm

genoxide wrote:
a fix for phpbb was posted over here so we just wait for someone to port it to bbtonuke ;)


Hmmm, I don't know if this bug exists in bbtonuke208. Check out line 292 of

/modules/Private_Messages/index.php:

Code:
                        $pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
                                        AND pm.privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
                                OR ( pm.privmsgs_from_userid = " . $userdata['user_id'] . "
                                        AND pm.privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " )


According to the description of the bug, the first line should have looked like:

Code:
                        $pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "


But in my version, it is a regular "=", not a ".=" as described in the bug. Did someone already fix this?

W
genoxide
Sergeant
Joined: Jun 19, 2003
Posts: 80
Posted: Sun Mar 28, 2004 7:08 am

I have the '.='; let's see if the exploit works if I set it to be just '='.
I did test this exploit on my test site and it only prints 25 chrs of the pwd, not all the pwd.
Edit: it works :) I removed the dot (.) from the '.=' and it looks like the exploit can't work ;)

EscortCossie
Lieutenant
Joined: Feb 21, 2004
Posts: 235
Location: Stavanger, Norway
Posted: Sun Mar 28, 2004 9:51 am

I have also upgraded to 2.0.8.. but I'm not sure what to change :?

Would be great if someone could make the necessary changes in the code below.

Code:
case 'inbox':
                        $l_box_name = $lang['Inbox'];
                        $pm_sql_user = "AND pm.privmsgs_to_userid = " . $userdata['user_id'] . "
                                AND ( pm.privmsgs_type = " . PRIVMSGS_READ_MAIL . "
                                        OR pm.privmsgs_type = " . PRIVMSGS_NEW_MAIL . "
                                        OR pm.privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
                        break;
                case 'outbox':
                        $l_box_name = $lang['Outbox'];
                        $pm_sql_user = "AND pm.privmsgs_from_userid =  " . $userdata['user_id'] . "
                                AND ( pm.privmsgs_type = " . PRIVMSGS_NEW_MAIL . "
                                        OR pm.privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " ) ";
                        break;
                case 'sentbox':
                        $l_box_name = $lang['Sentbox'];
                        $pm_sql_user = "AND pm.privmsgs_from_userid =  " . $userdata['user_id'] . "
                                AND pm.privmsgs_type = " . PRIVMSGS_SENT_MAIL;
                        break;
                case 'savebox':
                        $l_box_name = $lang['Savebox'];
                        $pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
                                        AND pm.privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
                                OR ( pm.privmsgs_from_userid = " . $userdata['user_id'] . "
                                        AND pm.privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " )
                                )";
                        break;
                default:
                        message_die(GENERAL_ERROR, $lang['No_such_folder']);
                        break;


Thanks a lot!

_________________
Visit the Ford Escort Portal >> EscortPower.net!
genoxide
Sergeant
Joined: Jun 19, 2003
Posts: 80
Posted: Sun Mar 28, 2004 12:44 pm

Code:
case 'savebox':
                        $l_box_name = $lang['Savebox'];
                        $pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "

to
Code:
case 'savebox':
                        $l_box_name = $lang['Savebox'];
                        $pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "

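A small audit helper for the question raised in this thread (does a given copy have `=` or `.=` in the `savebox` branch?), added here as an example and not code from phpBB, Nuke Cops or any poster. An append to a variable the branch never set keeps whatever value the variable already held, so the helper goes beyond `$pm_sql_user` and flags any variable whose first write on a switch branch is `.=`; it is a line-based heuristic rather than a PHP parser, and the function name and the shortened sample are constructed for illustration.

```python
import re

# Write to a plain variable: "$name =" or "$name .=" (not ==, ===, =>).
ASSIGN = re.compile(r"(\$\w+)\s*(\.?=)(?![=>])")
CASE = re.compile(r"^\s*(?:case\s+(.+?)|default)\s*:")

def find_unsafe_appends(php_source):
    """Return (line_no, case_label, variable) for every '.=' whose variable
    has no earlier plain '=' before the switch or in the same branch."""
    findings = []
    outer = set()    # variables assigned with '=' outside any case branch
    branch = None    # variables known to be set inside the current branch
    label = None
    for line_no, line in enumerate(php_source.splitlines(), 1):
        m = CASE.match(line)
        if m:
            # Each branch starts over; fall-through is treated as a new
            # branch so that it is reported for review, not assumed safe.
            label = (m.group(1) or "default").strip("'\" ")
            branch = set(outer)
        for var, op in ASSIGN.findall(line):
            known = outer if branch is None else branch
            if op == ".=" and var not in known:
                findings.append((line_no, label, var))
            known.add(var)
        if branch is not None and re.search(r"\bbreak\s*;", line):
            branch, label = None, None
    return findings

# Constructed sample: two branches shortened from the excerpt quoted in the thread.
SAMPLE = r'''
    case 'sentbox':
        $l_box_name = $lang['Sentbox'];
        $pm_sql_user = "AND pm.privmsgs_from_userid = " . $userdata['user_id'] . "
            AND pm.privmsgs_type = " . PRIVMSGS_SENT_MAIL;
        break;
    case 'savebox':
        $l_box_name = $lang['Savebox'];
        $pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
            AND pm.privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) )";
        break;
'''
# The same text with the one-character change posted in the thread applied.
FIXED = SAMPLE.replace("$pm_sql_user .=", "$pm_sql_user =")

if __name__ == "__main__":
    for line_no, label, var in find_unsafe_appends(SAMPLE):
        print(f"line {line_no}: case {label!r} appends to {var} before it is set")
```

To check an installed copy, pass the contents of the file named in the thread (/modules/Private_Messages/index.php) to `find_unsafe_appends` and review each reported line.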
EscortCossie
Lieutenant
Joined: Feb 21, 2004
Posts: 235
Location: Stavanger, Norway
Posted: Sun Mar 28, 2004 2:46 pm

Thanks a lot genoxide! :)

Sp4c3J4m
Corporal
Joined: Mar 21, 2004
Posts: 56
Location: Brazil
Posted: Sun Mar 28, 2004 11:57 pm

:shock: What the hellll!!!!!!!!!!!!! :evil:

We need a FIX log or there will be a 2.0.8.a version ??

It's getting difficult for NORMAL people to keep their NUKE sites safe.

And by the way... that .DOT. in the code is VERY strange, isn't it????

OK!, one more fix to the list.
