4images Forum & Community

4images Help / Hilfe => Bug Fixes & Patches => Topic started by: kai on March 19, 2012, 02:50:08 PM

Title: [1.7 - 1.7.10] Security fix for open redirect vulnerability in admin/index.php
Post by: kai on March 19, 2012, 02:50:08 PM
An open redirect vulnerability in the 4images admin panel 1.7 - 1.7.10 has been found.

To fix this:

In admin/index.php

find

if ($redirect != "") {
  show_admin_header("<meta http-equiv=\"Refresh\" content=\"0; URL=".$site_sess->url($redirect)."\">");
  echo "<p><a href=\"".$site_sess->url($redirect)."\">".$lang['admin_login_redirect']."</a></p>";
  show_admin_footer();
  exit;

and replace it with

if ($redirect != "") {
  if (strpos($redirect, '://') === false) {
    show_admin_header("<meta http-equiv=\"Refresh\" content=\"0; URL=".$site_sess->url($redirect)."\">");
    echo "<p><a href=\"".$site_sess->url($redirect)."\">".$lang['admin_login_redirect']."</a></p>";
    show_admin_footer();
  } else {
    redirect('home.php');
  }
  exit;
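
An added example, not part of the original post or of 4images: a stricter check for the $redirect value that accepts only same-site relative paths, shown beside the '://' test from the fix above. It goes beyond the single case in the post; the function names and sample values are assumptions constructed for illustration.

```php
<?php
// Added example; function names are hypothetical, not part of 4images.

// The test used in the fix above: true when the value contains no "://".
function passes_scheme_check(string $target): bool
{
    return strpos($target, '://') === false;
}

// Stricter test: accept only a relative path on the same site.
function is_local_redirect(string $target): bool
{
    // Empty input, control characters and backslashes are never needed in a
    // local path; some browsers treat "\" like "/".
    if ($target === '' || preg_match('/[\x00-\x1F\x7F\\\\]/', $target)) {
        return false;
    }
    // "//host/path" is scheme-relative: it names another host without "://".
    if (strncmp($target, '//', 2) === 0) {
        return false;
    }
    // Anything the URL parser sees as carrying a scheme or host is not local.
    $parts = parse_url($target);
    return $parts !== false && !isset($parts['scheme']) && !isset($parts['host']);
}

// Fall back to home.php, as the fix above does, when the target is rejected.
function safe_redirect_target(string $target, string $fallback = 'home.php'): string
{
    return is_local_redirect($target) ? $target : $fallback;
}

// Constructed sample values (example.test is a reserved test domain).
$samples = [
    'home.php',
    'home.php?page=2',
    'http://example.test/',
    '//example.test/',
    '/\\example.test/',
    'mailto:user@example.test',
];

foreach ($samples as $s) {
    printf("%-28s scheme_check=%-5s local=%-5s -> %s\n",
        $s,
        passes_scheme_check($s) ? 'pass' : 'fail',
        is_local_redirect($s) ? 'pass' : 'fail',
        safe_redirect_target($s));
}
```
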
Title: Re: [1.7 - 1.7.10] Security fix for open redirect vulnerability in admin/index.php
Post by: LEDONegm on January 17, 2017, 12:26:27 AM
Title: Re: [1.7 - 1.7.10] Security fix for open redirect vulnerability in admin/index.php
Post by: mahsabk on April 17, 2018, 01:36:22 PM
goood 8O