4images Help / Hilfe > Bug Fixes & Patches

[1.7 - 1.7.10] Security fix for open redirect vulnerability in admin/index.php


kai:
An open redirect vulnerability in the 4images admin panel 1.7 - 1.7.10 has been found.

To fix this:

In admin/index.php

find

if ($redirect != "") {
    show_admin_header("<meta http-equiv=\"Refresh\" content=\"0; URL=".$site_sess->url($redirect)."\">");
    echo "<p><a href=\"".$site_sess->url($redirect)."\">".$lang['admin_login_redirect']."</a></p>";
    show_admin_footer();
    exit;



and replace it with

if ($redirect != "") {
    if (strpos($redirect, '://') === false) {
        show_admin_header("<meta http-equiv=\"Refresh\" content=\"0; URL=".$site_sess->url($redirect)."\">");
        echo "<p><a href=\"".$site_sess->url($redirect)."\">".$lang['admin_login_redirect']."</a></p>";
        show_admin_footer();
    } else {
        redirect('home.php');
    }
    exit;
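
Added example, not part of the original post and not 4images code: a stricter, allow-list variant of the redirect check, which accepts only a relative admin script name and so also rejects values such as protocol-relative targets that contain no "://". The helper names is_local_admin_target() and pick_redirect(), the allowed pattern and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example (hypothetical helpers, not from the 4images code base).

/**
 * True only for a relative script name with an optional query string,
 * e.g. "home.php" or "images.php?action=list" (assumed shapes).
 */
function is_local_admin_target(string $redirect): bool
{
    // A single allow-list pattern anchored at both ends (\A ... \z):
    // a scheme, a "//" authority, a backslash, "../", whitespace or a
    // trailing newline cannot match it.
    return preg_match(
        '/\A[a-z0-9_]+\.php(\?[A-Za-z0-9_=&%.\-]*)?\z/',
        $redirect
    ) === 1;
}

/** Return the requested target if it is local, otherwise the fallback. */
function pick_redirect(string $redirect, string $fallback = 'home.php'): string
{
    return is_local_admin_target($redirect) ? $redirect : $fallback;
}

// Constructed sample inputs; example.invalid is a reserved test domain.
$samples = [
    'home.php',                    // plain relative target: kept
    'images.php?action=list',      // relative target with query: kept
    'http://example.invalid/',     // absolute URL: falls back
    '//example.invalid/',          // protocol-relative, no "://": falls back
    '\\\\example.invalid/',        // two backslashes, no "://": falls back
    "home.php\nx",                 // embedded newline: falls back
    '../index.php',                // path traversal: falls back
];

foreach ($samples as $s) {
    printf("%-32s -> %s\n", json_encode($s), pick_redirect($s));
}
```

Only the first two samples are returned unchanged; every other value resolves to home.php.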

mahsabk:
goood 8O
