Author Topic: [1.7 - 1.7.10] Security fix for open redirect vulnerability in admin/index.php  (Read 8520 times)
kai
Administrator
« on: March 19, 2012, 02:50:08 PM »

An open redirect vulnerability in the 4images admin panel 1.7 - 1.7.10 has been found.

To fix this:

In admin/index.php

find

if ($redirect != "") {
  show_admin_header("<meta http-equiv=\"Refresh\" content=\"0; URL=".$site_sess->url($redirect)."\">");
  echo "<p><a href=\"".$site_sess->url($redirect)."\">".$lang['admin_login_redirect']."</a></p>";
  show_admin_footer();
  exit;


and replace it with

if ($redirect != "") {
  if (strpos($redirect, '://') === false) {
    show_admin_header("<meta http-equiv=\"Refresh\" content=\"0; URL=".$site_sess->url($redirect)."\">");
    echo "<p><a href=\"".$site_sess->url($redirect)."\">".$lang['admin_login_redirect']."</a></p>";
    show_admin_footer();
  } else {
    redirect('home.php');
  }
  exit;
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search
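
A stricter variant of the check in the post above, as an added example that is not part of the original post and not 4images code: instead of searching for `://`, it accepts only targets shaped like a local admin script and compares both tests on constructed inputs. The helper names are hypothetical, and the allowed shape (`<script>.php` plus an optional query string) is an assumption about what valid admin redirect targets look like.

```php
<?php
// Added example, not 4images code. All function names are hypothetical.

// The test from the fix above: true when the target contains no "://".
function has_no_scheme_separator(string $target): bool
{
    return strpos($target, '://') === false;
}

// Allow-list alternative: accept only "<script>.php" with an optional
// query string. Slashes, backslashes, colons, whitespace and control
// characters are outside the allowed set, so absolute URLs,
// protocol-relative URLs ("//host") and other schemes cannot match.
// Assumption: valid admin targets are plain script names like home.php.
function is_local_admin_target(string $target): bool
{
    $pattern = '/\A[A-Za-z0-9_-]+\.php(\?[A-Za-z0-9_=&%.-]*)?\z/';
    return preg_match($pattern, $target) === 1;
}

// Fall back to a fixed page, as the fix above does with home.php.
function safe_redirect_target(string $target, string $fallback = 'home.php'): string
{
    return is_local_admin_target($target) ? $target : $fallback;
}

// Constructed sample inputs, not taken from any real request.
$samples = [
    'home.php',
    'home.php?action=example',
    'https://example.org/',
    '//example.org/',
];

printf("%-26s %-16s %-12s %s\n", 'target', 'substring test', 'allow-list', 'target used');
foreach ($samples as $target) {
    printf(
        "%-26s %-16s %-12s %s\n",
        $target,
        has_no_scheme_separator($target) ? 'accept' : 'reject',
        is_local_admin_target($target) ? 'accept' : 'reject',
        safe_redirect_target($target)
    );
}
```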