Author |
Message |
Doodle
Premium


Joined: Sep 13, 2003
Posts: 50
|
Posted:
Fri Mar 26, 2004 11:22 am |
  |
|
     |
 |
genoxide
Sergeant


Joined: Jun 19, 2003
Posts: 80
|
Posted:
Sat Mar 27, 2004 1:34 am |
  |
If you use the protector system you don't have to worry about this since it's protecting the 'UNION' exploit.
But yes, this must be fixed :/ |
_________________
 |
|
    |
 |
genoxide
Sergeant


Joined: Jun 19, 2003
Posts: 80
|
Posted:
Sat Mar 27, 2004 1:42 am |
  |
A fix for phpBB was posted over here  |
_________________

Last edited by genoxide on Sun Mar 28, 2004 7:39 am; edited 1 time in total |
|
    |
 |
Waldo
Nuke Soldier


Joined: Mar 16, 2004
Posts: 24
|
Posted:
Sat Mar 27, 2004 6:57 pm |
  |
genoxide wrote: |
A fix for phpBB was posted over here, so we just wait for someone to port it to bbtonuke  |
Hmmm, I don't know if this bug exists in bbtonuke208. Check out line 292 of
/modules/Private_Messages/index.php:
Code: |
$pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
AND pm.privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
OR ( pm.privmsgs_from_userid = " . $userdata['user_id'] . "
AND pm.privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) |
According to the description of the bug, the first line should have looked like:
Code: |
$pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . " |
But in my version, it is a regular "=", not a ".=" as described in the bug. Did someone already fix this?
W |
|
|
   |
 |
genoxide
Sergeant


Joined: Jun 19, 2003
Posts: 80
|
Posted:
Sun Mar 28, 2004 7:08 am |
  |
I have the '.='; let's see if the exploit works if I set it to be just '='.
I did test this exploit on my test site and it only prints 25 chars of the pwd, not all of the pwd.
Edit: it works. I removed the dot (.) from the '.=' and it looks like the exploit can't work  |
_________________
 |
|
    |
 |
EscortCossie
Lieutenant


Joined: Feb 21, 2004
Posts: 235
Location: Stavanger, Norway
|
Posted:
Sun Mar 28, 2004 9:51 am |
  |
I have also upgraded to 2.0.8, but I'm not sure what to change.
It would be great if someone could make the necessary changes in the code below.
Code: |
case 'inbox':
    $l_box_name = $lang['Inbox'];
    $pm_sql_user = "AND pm.privmsgs_to_userid = " . $userdata['user_id'] . "
        AND ( pm.privmsgs_type = " . PRIVMSGS_READ_MAIL . "
        OR pm.privmsgs_type = " . PRIVMSGS_NEW_MAIL . "
        OR pm.privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )";
    break;
case 'outbox':
    $l_box_name = $lang['Outbox'];
    $pm_sql_user = "AND pm.privmsgs_from_userid = " . $userdata['user_id'] . "
        AND ( pm.privmsgs_type = " . PRIVMSGS_NEW_MAIL . "
        OR pm.privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " ) ";
    break;
case 'sentbox':
    $l_box_name = $lang['Sentbox'];
    $pm_sql_user = "AND pm.privmsgs_from_userid = " . $userdata['user_id'] . "
        AND pm.privmsgs_type = " . PRIVMSGS_SENT_MAIL;
    break;
case 'savebox':
    $l_box_name = $lang['Savebox'];
    $pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
        AND pm.privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
        OR ( pm.privmsgs_from_userid = " . $userdata['user_id'] . "
        AND pm.privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " )
        )";
    break;
default:
    message_die(GENERAL_ERROR, $lang['No_such_folder']);
    break;
|
Thanks a lot! |
_________________
Visit the Ford Escort Portal >> EscortPower.net! |
|
    |
 |
genoxide
Sergeant


Joined: Jun 19, 2003
Posts: 80
|
Posted:
Sun Mar 28, 2004 12:44 pm |
  |
Code: |
case 'savebox':
$l_box_name = $lang['Savebox'];
$pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . " |
to
Code: |
case 'savebox':
$l_box_name = $lang['Savebox'];
$pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . " |
|
_________________
 |
|
    |
 |
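An audit check for the pattern fixed above, added here as an example and not taken from the thread, phpBB or PHP-Nuke: it flags any `.=` in a `case` branch whose target variable has no earlier plain `=` in that branch, since the append then keeps whatever value the variable already held. The function name, the regexes and the two-branch sample (built from the code quoted in the thread) are assumptions; it is a line-based heuristic, not a PHP parser, and it treats fall-through branches conservatively.

```python
import re

# Heuristic patterns: a PHP variable followed by '=' or '.=' (not '==' or '=>'),
# and a 'case ...:' / 'default:' label that starts a switch branch.
ASSIGN = re.compile(r"(\$[A-Za-z_]\w*)\s*(\.?=)(?![=>])")
BRANCH = re.compile(r"^\s*(case\s+.+?|default)\s*:")

def find_uninitialised_appends(php_source):
    """Return (line, branch, variable) for every '.=' whose target has no
    earlier plain '=' in the same branch or before the first branch."""
    preamble, seen, branch, findings = set(), set(), None, []
    for no, line in enumerate(php_source.splitlines(), 1):
        label = BRANCH.match(line)
        if label:
            if branch is None:
                preamble = set(seen)   # assignments made before the first branch
            branch, seen = label.group(1), set(preamble)
            continue
        for var, op in ASSIGN.findall(line):
            if op == "=":
                seen.add(var)
            elif var not in seen:
                findings.append((no, branch, var))
                seen.add(var)          # report each variable once per branch
    return findings

# Constructed sample: two branches as quoted in the thread, in the pre-fix form.
VULNERABLE = '''\
case 'sentbox':
$l_box_name = $lang['Sentbox'];
$pm_sql_user = "AND pm.privmsgs_from_userid = " . $userdata['user_id'] . "
AND pm.privmsgs_type = " . PRIVMSGS_SENT_MAIL;
break;
case 'savebox':
$l_box_name = $lang['Savebox'];
$pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
AND pm.privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
OR ( pm.privmsgs_from_userid = " . $userdata['user_id'] . "
AND pm.privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " )
)";
break;
'''
# The one-character fix from the post above: '.=' becomes '='.
FIXED = VULNERABLE.replace("$pm_sql_user .=", "$pm_sql_user =")

if __name__ == "__main__":
    for name, src in (("before fix", VULNERABLE), ("after fix", FIXED)):
        print(name, find_uninitialised_appends(src))
```

Run against a whole file, every hit is a place to confirm the variable is assigned before the `switch`, or to change the append to a plain assignment as done here.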
EscortCossie
Lieutenant


Joined: Feb 21, 2004
Posts: 235
Location: Stavanger, Norway
|
Posted:
Sun Mar 28, 2004 2:46 pm |
  |
|
    |
 |
Sp4c3J4m
Corporal


Joined: Mar 21, 2004
Posts: 56
Location: Brazil
|
Posted:
Sun Mar 28, 2004 11:57 pm |
  |
What the hellll!!!!!!!!!!!!!
We need a FIX log or there will be a 2.0.8.a version??
It's getting difficult for NORMAL people to maintain their NUKE sites safe.
And by the way... that .DOT. in the code is VERY strange, isn't it????
OK!, one more fix to the list. |
_________________
 |
|
      |
 |
|