More PHP-Nuke Problems

CourtneyDS

Versions Vulnerable:

6.0 without patches,
6.0 with index.php and mainfile.php patches ...
5.5 with patches (all resting script tags)

Not vulnerable:
6.0 with mainfile.php patch for block url tags inclusions (not all) ...
5.5 with script tags but with the other all ...

DESCRIPTION:

We're working now on Nuke-based portals; searching modules that use a URL-based query, I found some bugs in the Statistics module:

When you put a string in the URL behind the &year variable, the module prints the character that you put ...
iprobe.. iframe and works.. script tags work.. object works.. applet works.. meta works.. style works.. form works too.. img works.. comments and ssi works ...

SOLUTION :

Put this code in your mainfile.php :

/*
// Check every GET parameter value and stop the request if it contains
// one of the listed HTML tags or a double quote.
foreach ($HTTP_GET_VARS as $secvalue) {
    if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
        (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
        (eregi("\"", $secvalue))) {
        // Abort before the module can print the value back to the page.
        die ("Oh! .");
    }
}
*/

NOTE: Remove comment /* and */.

WHAT CAN HAPPEN ?

Script and binary object inclusion ... Normally it isn't a problem, but there are many viruses written in vbscript and javascript/JS ... An iframe can be used for a link that a user visits, and there is an attack on the user through known iframe vulns ...
With the code that I provided you're safe from this little bug ...


Sincerely
CourtneyDS
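
A complementary approach to the tag blacklist in the post, shown as an added example that is not part of the original post or of PHP-Nuke's code: accept only a numeric year (allow-list) and HTML-encode anything echoed back. The function names, the 1990-2100 range and the sample inputs are assumptions, and the code needs PHP 7.1 or later.

```php
<?php
// Added example, not PHP-Nuke code. Names and the year range are assumptions.

/**
 * Allow-list validation: accept only a four-digit year in a plausible range.
 * Returns the year as int, or null when the input is anything else.
 */
function parse_year($raw): ?int
{
    if (!is_string($raw) || !preg_match('/\A[0-9]{4}\z/', $raw)) {
        return null;
    }
    $year = (int) $raw;
    return ($year >= 1990 && $year <= 2100) ? $year : null;
}

/** Output encoding for a value placed into HTML text or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hypothetical stand-in for the Statistics heading that prints the year. */
function render_stats_heading(array $query): string
{
    $raw  = $query['year'] ?? null;
    $year = parse_year($raw);
    if ($year === null) {
        // Reject the request, and encode the echoed value so it stays inert.
        $shown = is_string($raw) ? $raw : '';
        return '<p>Invalid year: ' . h($shown) . '</p>';
    }
    return '<h2>Statistics for ' . $year . '</h2>';
}

// Constructed sample inputs, using tag names from the list in the post.
$samples = [
    ['year' => '2002'],
    ['year' => '2002<script>'],
    ['year' => '<iframe>'],
    ['year' => ['2002']],   // array parameter, e.g. ?year[]=2002
    [],                     // parameter missing
];
foreach ($samples as $q) {
    echo render_stats_heading($q), PHP_EOL;
}
```

Only the first sample produces the heading; the others are rejected, and the echoed text comes out as `&lt;script&gt;` or `&lt;iframe&gt;` rather than as markup.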
 