Nuke Cops :: View topic - phpBB "postorder" Parameter Cross Site Scripting
chris (Support Mod)
Joined: Jul 17, 2003, Posts: 12
Posted: Mon Mar 01, 2004 5:07 am

phpBB "postorder" Parameter Cross Site Scripting Vulnerability

I don't know how much this affects PHP-Nuke, since the GET array is checked against "<script>" strings, but could somebody comment on this?
djmaze (Captain)
Joined: Nov 29, 2003, Posts: 566, Location: Netherlands
Posted: Mon Mar 01, 2004 7:02 am

The fix they mention is not nice.
This is a better change in "modules/Forums/viewtopic.php":
Code:
if ( !empty($HTTP_POST_VARS['postorder']) || !empty($HTTP_GET_VARS['postorder']) )
{
        $post_order = (!empty($HTTP_POST_VARS['postorder'])) ? $HTTP_POST_VARS['postorder'] : $HTTP_GET_VARS['postorder'];
        $post_time_order = ($post_order == "asc") ? "ASC" : "DESC";
into
Code:
if ( !empty($HTTP_POST_VARS['postorder']) || !empty($HTTP_GET_VARS['postorder']) )
{
        $post_order = (!empty($HTTP_POST_VARS['postorder'])) ? $HTTP_POST_VARS['postorder'] : $HTTP_GET_VARS['postorder'];
        $post_order = substr($post_order, 0, 3);
        $post_time_order = ($post_order == "asc") ? "ASC" : "DESC";

chatserv (General)
Joined: Jan 12, 2003, Posts: 3128, Location: Puerto Rico
Posted: Mon Mar 01, 2004 7:31 am

I would guess the valid sort orders would be ascending and descending; if that is the case, then the following would do:

In viewtopic.php find:
Code:
//
// Decide how to order the post display
//
if ( !empty($HTTP_POST_VARS['postorder']) || !empty($HTTP_GET_VARS['postorder']) )
{
        $post_order = (!empty($HTTP_POST_VARS['postorder'])) ? $HTTP_POST_VARS['postorder'] : $HTTP_GET_VARS['postorder'];

After add:
Code:
if (!eregi("^((asc)|(desc))$",$post_order) )
{
        message_die(GENERAL_ERROR, 'Selected post order is not valid');
}

To test it view any topic and at the end of the url add:
Code:
&postorder=chatserv

Not the result kiddies would expect.

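The following is an added example written for this thread; it is not phpBB or PHP-Nuke code and not something either poster shipped. It places the pre-fix handling of the "postorder" parameter beside the two patches above (djmaze's substr() truncation and chatserv's allow-list) and runs all three over the same inputs, including the "&postorder=chatserv" test from the post above. One assumption not stated on the page: the value is echoed back into the page in a hidden form field, which is what turns an unchecked value into a reflected XSS. The function names are mine, and preg_match() stands in for eregi(), which was removed in PHP 7.

```php
<?php
// Added example for this thread, not phpBB or PHP-Nuke code. Compares the
// pre-fix handling of viewtopic.php's "postorder" parameter with the two
// patches posted above. Assumed (not stated on the page): the value is
// echoed back into the page in a hidden form field. Function names are mine.

// 1. Pre-fix handling: whatever arrived in the request is used as-is.
function post_order_unfiltered($raw)
{
    $sort = ($raw == "asc") ? "ASC" : "DESC";
    return array('sort' => $sort, 'echoed' => $raw);
}

// 2. djmaze's patch: keep only the first three characters. Too short for a
//    script tag, but an arbitrary three-character string is still echoed.
function post_order_substr($raw)
{
    $post_order = substr($raw, 0, 3);
    $sort = ($post_order == "asc") ? "ASC" : "DESC";
    return array('sort' => $sort, 'echoed' => $post_order);
}

// 3. chatserv's patch: allow-list "asc"/"desc", reject everything else.
//    preg_match() stands in for eregi(), which was removed in PHP 7.
function post_order_allowlist($raw)
{
    if (!preg_match('/^(asc|desc)$/i', $raw)) {
        // viewtopic.php would call message_die(GENERAL_ERROR, ...) here
        return null;
    }
    $post_order = strtolower($raw);   // so "ASC" sorts ascending as well
    $sort = ($post_order == "asc") ? "ASC" : "DESC";
    return array('sort' => $sort, 'echoed' => $post_order);
}

// How the echoed value reaches the page. The raw form is the XSS sink;
// the escaped form is safe whatever validation did or did not happen.
function hidden_field_raw($value)
{
    return '<input type="hidden" name="postorder" value="' . $value . '" />';
}

function hidden_field_escaped($value)
{
    return '<input type="hidden" name="postorder" value="'
         . htmlspecialchars($value, ENT_QUOTES) . '" />';
}

// Constructed inputs: two legitimate values, the test value from the post
// above, and a classic attribute break-out.
$inputs = array(
    'asc',
    'DESC',
    'chatserv',
    '"><script>alert(document.cookie)</script>',
);

foreach ($inputs as $raw) {
    echo "postorder=" . $raw . "\n";

    $u = post_order_unfiltered($raw);
    echo "  unfiltered : sort=" . $u['sort'] . "  " . hidden_field_raw($u['echoed']) . "\n";

    $s = post_order_substr($raw);
    echo "  substr     : sort=" . $s['sort'] . "  " . hidden_field_raw($s['echoed']) . "\n";

    $a = post_order_allowlist($raw);
    if ($a === null) {
        echo "  allow-list : rejected (message_die)\n";
    } else {
        echo "  allow-list : sort=" . $a['sort'] . "  " . hidden_field_raw($a['echoed']) . "\n";
    }

    // Output encoding alone defuses the break-out, even on the unfiltered path.
    echo "  escaped    : " . hidden_field_escaped($raw) . "\n\n";
}
```

Run it with the PHP CLI (php postorder_check.php). Two things worth noticing in the output: the substr() path still writes the first three characters of the break-out payload ("><) straight into the attribute, so it stops the script tag but not the reflection; and eregi() is case-insensitive, so "ASC" passes chatserv's check while the comparison against "asc" that follows it in viewtopic.php is case-sensitive and would sort it descending, which is why the example lowercases before comparing. Whichever validation you settle on, the htmlspecialchars() call on output is the part that should be there regardless.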
Powered by phpBB © 2001, 2005 phpBB Group
Ported by Nuke Cops © 2003 www.nukecops.com