[1.7.1 / 1.7.2] Security fix for SQL injection in session.php

[Jan]

This is an important security fix.

Open includes/sessions.php and find the following line:

Code:  [Select]  [Expand]  [Hide line numbers]

1	$this->session_id = session_id();

replace this line with the following code:

Code:  [Select]  [Expand]  [Hide line numbers]

1	$this->session_id = preg_replace('/[^a-z0-9]+/i', '', session_id());

[mawenzi]

Danke für das schnelle Fix ! Und nur für  1.7.1, 1.7.2 ... nicht 1.7 ?

[DBCapricorn]

Always on it. Thanks for looking out for us.

[ivan]

hello,
i have two this lines

Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4 5 6 7

function get_session_id() {     if (SID == '') {       $this->mode = "cookie";     }     $this->session_id = session_id();   }

and here

Code:  [Select]  [Expand]  [Hide line numbers]

1 2 3 4 5 6

if (!isset($this->session_info['session_ip']) || (isset($this->session_info['session_ip']) && $this->session_info['session_ip'] != $this->user_ip))     {       session_regenerate_id();       $this->session_id = session_id();       return false;     }

both replace???

greets ivan

[V@no]

the first one is enough

[vBFreak]

Betrifft das auch die User, die die vBulletin-Integration verwenden? Ich kann in der ganzen Datei $this->session_id = session_id(); nirgends finden...

--

Are users of the vBulletin gallery integration also affected? I can't find these lines or $this->session_id = session_id(); at all...

[Bugfixed]

I'm using phpbb+4images integration system. in /galeri/includes/sesion.php "$this->session_id = session_id();" not line. please help.

[JensF]

Danke für das schnelle Fix ! Und nur für  1.7.1, 1.7.2 ... nicht 1.7 ?

Ich denke nicht, oder?? Ich jedenfalls kann den Teil nicht in meiner sessions.php finden...

[flo31083]

I have the newest version only 1 week ago ago down-loaded participates that fixed there already? or do I have to change that again now? thus was the down load updated?


sorry for ma english


in german

ich hab die neuste version erst vor 1 woche runtergeladen ist der fix da schon dabei ? oder muss ich das jetzt nochmal selbst ändern ? also würde der download aktualisiert ?

[kai]

Danke für das schnelle Fix ! Und nur für  1.7.1, 1.7.2 ... nicht 1.7 ?

Exactly, this fix is only for 1.7.1 and 1.7.2, not for 1.7

[kai]

I have the newest version only 1 week ago ago down-loaded participates that fixed there already? or do I have to change that again now? thus was the down load updated?

Yes, the fix is included in the current download (since 3rd of may 2006).
If you're not sure, search in includes/sessions.php for code Jan posted in the first post.

[vBFreak]

I don't know why, even if I don't know if it was this bug I had spam bots in my gallery yesterday whose used a sql injection bug on my gallery to spam user comments with advertisement for porno links and so on...

As I've already said above I'm using the vBulletin integration and I can't find the line mentioned above...

what can I do?

[V@no]

I don't know why, even if I don't know if it was this bug I had spam bots in my gallery yesterday whose used a sql injection bug on my gallery to spam user comments with advertisement for porno links and so on...

and how did you get to this conclusion? do you have proof they used a hole in 4images? (not that I'm judging you )

[vBFreak]

I'm sure since they were not registered and if you're not registered you're unable to post comments, I've tested that.

Also as I've viewed the comments in my admin cp to delete them, some fields seemed to be empty or so, the comment overview of the picture where they had spammed looked really strange especially for these comments only, so I don't think these comments were made through the 4images gallery itself.

[V@no]

Ok, please attach your sessions.php, I'll take a look at it.