4images Forum & Community
Topic: [1.7.1 / 1.7.2] Security fix for SQL injection in session.php (Read 104752 times)
Jan
Administrator
« on: May 03, 2006, 10:15:56 AM »

This is an important security fix.

Open includes/sessions.php and find the following line:

$this->session_id = session_id();

replace this line with the following code:

$this->session_id = preg_replace('/[^a-z0-9]+/i', '', session_id());
« Last Edit: May 03, 2006, 11:49:16 AM by Jan »

Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search
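An added example, not 4images' own code and not Jan's patch, showing a stricter form of the same idea: reject a session id that is not purely alphanumeric instead of stripping characters, and keep the id out of the SQL text with a prepared statement. It assumes PHP 5.1 or newer with PDO and an already started session; the sessions table and its columns are hypothetical placeholders modelled on the session_ip field mentioned later in this thread.

```php
<?php
// Added example, not 4images' own code. Assumes PHP 5.1+ with PDO and that
// session_start() has already run; table and column names are placeholders.

// PHP adopts whatever id the client sends in the PHPSESSID cookie or URL, so
// session_id() is untrusted input. Jan's fix strips everything outside
// [a-z0-9]; this variant refuses such an id and issues a fresh one instead.
// (On PHP >= 5.5.2, session.use_strict_mode=1 makes PHP reject unknown ids
// at the source; the check below still documents the intent.)
function get_safe_session_id()
{
    $sid = session_id();
    if ($sid === '' || !preg_match('/^[a-z0-9]+$/i', $sid)) {
        session_regenerate_id(true); // new id, old session data deleted
        $sid = session_id();
    }
    return $sid;
}

// Second layer: never build the query string from the id. A prepared
// statement keeps the value out of the SQL text even if the validation
// above is ever bypassed or forgotten in another code path.
function store_session(PDO $db, $session_id, $user_ip)
{
    $stmt = $db->prepare(
        'INSERT INTO sessions (session_id, session_ip, session_lastaction) '
      . 'VALUES (:sid, :ip, :ts)'
    );
    return $stmt->execute(array(
        ':sid' => $session_id,
        ':ip'  => $user_ip,
        ':ts'  => time(),
    ));
}

// How it slots into the pattern quoted in this thread (hypothetical $db):
// $this->session_id = get_safe_session_id();
// store_session($db, $this->session_id, $this->user_ip);
```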
mawenzi
4images Moderator
« Reply #1 on: May 03, 2006, 11:47:13 AM »

Thanks for the quick fix! And only for 1.7.1, 1.7.2 ... not 1.7?

Your first three "must do" before you ask a question ! ( © by V@no )
- please read the Forum Rules ...
- please study the FAQ ...
- please try to Search for your answer ...

Are you searching for top 4images MODs?
- then please search here ... Mawenzi's Top 100+ MOD List (unsorted sorted) ...
DBCapricorn
Pre-Newbie

« Reply #2 on: May 04, 2006, 02:43:24 AM »

Always on it. Thanks for looking out for us.
ivan
4images Moderator
« Reply #3 on: May 05, 2006, 06:32:17 AM »

Hello,
I have these two lines

  function get_session_id() {
    if (SID == '') {
      $this->mode = "cookie";
    }

    $this->session_id = session_id();
  }

and here

    if (!isset($this->session_info['session_ip']) || (isset($this->session_info['session_ip']) && $this->session_info['session_ip'] != $this->user_ip))
    {
      session_regenerate_id();
      $this->session_id = session_id();
      return false;
    }

Replace both???

greets ivan

greetings / grüsse
ivan

V@no
« Reply #4 on: May 05, 2006, 02:29:21 PM »

the first one is enough

Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)
vBFreak
Newbie
« Reply #5 on: May 08, 2006, 02:13:30 AM »

Are users of the vBulletin gallery integration also affected? I can't find these lines or $this->session_id = session_id(); anywhere in the whole file...
Bugfixed
Jr. Member
« Reply #6 on: May 10, 2006, 04:38:57 PM »

I'm using the phpBB + 4images integration system. In /galeri/includes/sesion.php the line "$this->session_id = session_id();" is not there. Please help.

<?php Find Bug ?>
JensF
Addicted member
« Reply #7 on: May 11, 2006, 12:22:06 AM »

Thanks for the quick fix! And only for 1.7.1, 1.7.2 ... not 1.7?

I don't think so, right?? In any case I can't find that part in my sessions.php...

Kind regards
Jens Funk

-> Sorry for my bad English <-
flo31083
Newbie
« Reply #8 on: May 18, 2006, 01:46:54 PM »

I downloaded the newest version only 1 week ago. Is the fix already included there? Or do I have to change it myself now? So, was the download updated?

sorry for my English
kai
Administrator
Addicted member
« Reply #9 on: May 18, 2006, 10:52:26 PM »

Thanks for the quick fix! And only for 1.7.1, 1.7.2 ... not 1.7?

Exactly, this fix is only for 1.7.1 and 1.7.2, not for 1.7
kai
Administrator
Addicted member
« Reply #10 on: May 18, 2006, 11:01:10 PM »

I downloaded the newest version only 1 week ago. Is the fix already included there? Or do I have to change it myself now? So, was the download updated?

Yes, the fix is included in the current download (since 3rd of May 2006).
If you're not sure, search in includes/sessions.php for the code Jan posted in the first post.
vBFreak
Newbie
« Reply #11 on: May 26, 2006, 05:23:31 PM »

I don't know why, and I don't even know if it was this bug, but yesterday I had spam bots in my gallery that used an SQL injection bug on my gallery to spam user comments with advertisements for porn links and so on...

As I've already said above I'm using the vBulletin integration and I can't find the line mentioned above...

what can I do?
V@no
« Reply #12 on: May 26, 2006, 11:40:56 PM »

I don't know why, and I don't even know if it was this bug, but yesterday I had spam bots in my gallery that used an SQL injection bug on my gallery to spam user comments with advertisements for porn links and so on...
And how did you get to this conclusion? Do you have proof they used a hole in 4images? (not that I'm judging you)
vBFreak
Newbie
« Reply #13 on: May 27, 2006, 04:29:39 AM »

I'm sure, since they were not registered, and if you're not registered you're unable to post comments; I've tested that.

Also, when I viewed the comments in my admin CP to delete them, some fields seemed to be empty or so; the comment overview of the picture where they had spammed looked really strange, especially for these comments only, so I don't think these comments were made through the 4images gallery itself.
V@no
« Reply #14 on: May 27, 2006, 07:48:07 PM »

Ok, please attach your sessions.php, I'll take a look at it.