4images Forum & Community
Author Topic: [1.7 - 1.7.9] Security fix for sql injection in admin/categories.php  (Read 9158 times)
kai
Administrator
« on: April 11, 2011, 10:23:17 AM »

A possible SQL injection vulnerability in 4images 1.7 - 1.7.9 has been found.
With this, logged-in admin users could alter queries to the application's SQL database.

To fix this:

In admin/categories.php

find 2 x

$auth_viewcat = $HTTP_POST_VARS['auth_viewcat'];
$auth_viewimage = $HTTP_POST_VARS['auth_viewimage'];
$auth_download = $HTTP_POST_VARS['auth_download'];
$auth_upload = $HTTP_POST_VARS['auth_upload'];
$auth_directupload = $HTTP_POST_VARS['auth_directupload'];
$auth_vote = $HTTP_POST_VARS['auth_vote'];
$auth_sendpostcard = $HTTP_POST_VARS['auth_sendpostcard'];
$auth_readcomment = $HTTP_POST_VARS['auth_readcomment'];
$auth_postcomment = $HTTP_POST_VARS['auth_postcomment'];

and replace with

$auth_viewcat = intval($HTTP_POST_VARS['auth_viewcat']);
$auth_viewimage = intval($HTTP_POST_VARS['auth_viewimage']);
$auth_download = intval($HTTP_POST_VARS['auth_download']);
$auth_upload = intval($HTTP_POST_VARS['auth_upload']);
$auth_directupload = intval($HTTP_POST_VARS['auth_directupload']);
$auth_vote = intval($HTTP_POST_VARS['auth_vote']);
$auth_sendpostcard = intval($HTTP_POST_VARS['auth_sendpostcard']);
$auth_readcomment = intval($HTTP_POST_VARS['auth_readcomment']);
$auth_postcomment = intval($HTTP_POST_VARS['auth_postcomment']);
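The fix above, shown as one helper that reads all nine auth_* fields with and without the intval() cast, so the effect on the resulting UPDATE statement can be compared. This is an added example and not 4images code; the shape of the UPDATE statement, the table and column names, and the default of 0 for a missing field are assumptions, since the post does not show the query itself.

```php
<?php
// The nine category permission fields patched in admin/categories.php.
$auth_fields = array(
    'auth_viewcat', 'auth_viewimage', 'auth_download', 'auth_upload',
    'auth_directupload', 'auth_vote', 'auth_sendpostcard',
    'auth_readcomment', 'auth_postcomment',
);

// Read the fields from a POST array. With $cast = false this is the
// unpatched behaviour (raw strings); with $cast = true it is the patched
// behaviour (intval() on every field, as in the replacement code above).
// A missing field defaults to 0 (assumption, not taken from 4images).
function read_auth_fields(array $post, array $fields, $cast)
{
    $out = array();
    foreach ($fields as $f) {
        $v = isset($post[$f]) ? $post[$f] : 0;
        $out[$f] = $cast ? intval($v) : $v;
    }
    return $out;
}

// Assumed query shape: integer columns written unquoted into an UPDATE,
// which is exactly the situation where a non-integer value becomes SQL.
function build_update_sql(array $auth, $cat_id)
{
    $set = array();
    foreach ($auth as $f => $v) {
        $set[] = $f . " = " . $v;
    }
    return "UPDATE categories SET " . implode(", ", $set)
         . " WHERE cat_id = " . intval($cat_id);
}

// Constructed request: every field is '1' except one, which carries text
// that is not a number.
$post = array_fill_keys($auth_fields, '1');
$post['auth_upload'] = '0 OR 1=1';

// Unpatched: the string is spliced verbatim into the SET clause.
echo build_update_sql(read_auth_fields($post, $auth_fields, false), 5), "\n";

// Patched: intval() keeps only the leading integer, so the SET clause
// contains nothing but numbers.
echo build_update_sql(read_auth_fields($post, $auth_fields, true), 5), "\n";
```

intval() guarantees only that an integer reaches the query; it does not check that the integer is one of the permission levels the application expects, so a range check against the allowed values would still be needed for validation.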